Monthly Archive: June 2019

Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector...

The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application’s direct control and...

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker...

A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver. The security vulnerability can be exploited...

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka ‘Microsoft Browser Information Disclosure Vulnerability’. Date published : 2019-06-12 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1081

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005,...

An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka ‘Task Scheduler Elevation of Privilege Vulnerability’. Date published : 2019-06-12 https://www.kb.cert.org/vuls/id/119704 https://blog.0patch.com/2019/06/another-task-scheduler-0day-another.html

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-1041. Date published :...

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka ‘Windows Elevation of Privilege Vulnerability’. Date published : 2019-06-12 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1064

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-0920, CVE-2019-0988, CVE-2019-1005,...

A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka ‘Microsoft Edge Security Feature Bypass Vulnerability’. Date published : 2019-06-12 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1054

An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka ‘Windows Shell Elevation of Privilege Vulnerability’. Date published : 2019-06-12 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1053

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from...

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka ‘Chakra Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from...