Advisories archive

SSD Advisory – Cisco ISE Unauthenticated XSS to Privileged RCE
Vulnerabilities SummaryCisco Identity Services Engine (ISE) contains three vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges
SSD Advisory – SME Server Unauthenticated XSS To Privileged Remote Code Execution
Vulnerabilities SummaryThe following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that
SSD Advisory – Apache OpenOffice Virtual Table Corruption
Vulnerabilities SummaryThe following advisory discusses a vulnerability found in Apache OpenOffice. The vulnerability lays inside the part that responsible for
SSD Advisory – iOS/macOS Kernel task_inspect Information Leak
Vulnerabilities Summary The following advisory discusses a bug found in the kernel function task_inspect which a local user may exploit
SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow
Vulnerabilities Summary QuartzCore ( https://developer.apple.com/documentation/quartzcore ), also known as CoreAnimation, is a framework use by macOS and iOS to build
SSD Advisory – Symfony Framework forward() Remote Code Execution
Vulnerability Summary The following advisory describes a vulnerability found in Symfony 3.4 - a PHP framework that is used to
SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free
Vulnerabilities Summary The vulnerability exists in the AppCache subsystem in Chrome Versions 69.0 and before. This code is located in
SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE
Vulnerabilities Summary The following advisory discusses a vulnerability found in turbofan, the JIT compiler. We can trigger the JavaScript code
SSD Advisory – Firefox JavaScript Type Confusion RCE
Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and
SSD Advisory – Firefox Information Leak
Vulnerabilities Summary A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer