7636 matches found
The vulnerability of the Windows operating system, related to errors in processing files with the .LNK extension, allows a hacker to execute arbitrary code.
The vulnerability of the Windows operating system is related to errors in processing files with the extension .LNK. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system with current user privileges, by placing a specially created file in a network...
Delta Industrial Automation DOPSoft DPA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected instances of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
[slackware-security] mozilla-firefox
New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-firefox-68.0.2esr-i686-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Internet Explorer is a web browser from Microsoft. It was known as Microsoft Internet Explorer prior to version 6 and as Windows Internet Explorer in versions 7, 8, 9, 10, 11, or IE for short. A memory corruption vulnerability exists in the Microsoft Internet Explorer scripting engine. The...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-28644)
Edge is Microsoft's browser for Windows 10. The Chakra JScript engine is a JavaScript engine developed by Microsoft for its web browsers Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. A memory corruption vulnerability exists in Microsoft Edge. The...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-28645)
Edge is Microsoft's browser for Windows 10. The Chakra JScript engine is a JavaScript engine developed by Microsoft for its web browsers Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. A memory corruption vulnerability exists in Microsoft Edge. The...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-28640)
Edge is Microsoft's browser for Windows 10. The Chakra JScript engine is a JavaScript engine developed by Microsoft for its web browsers Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. A memory corruption vulnerability exists in Microsoft Edge. The...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-28641)
Edge is Microsoft's browser for Windows 10. The Chakra JScript engine is a JavaScript engine developed by Microsoft for Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, Microsoft Edge and other web browsers. A memory corruption vulnerability exists in Microsoft Edge. The...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-28642)
Edge is Microsoft's browser for Windows 10, characterized as fast and secure. The Chakra JScript engine is a JavaScript engine developed by Microsoft for its Internet Explorer 9, Internet Explorer 10, Internet Explorer 11, and Microsoft Edge web browsers. A memory corruption vulnerability exists in...
PT-2019-3065 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge HTML-based (affected versions not specified). Description: A remote code execution issue exists in the way the Chakra scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary...
Microsoft Word DOC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC...
Microsoft Windows Font Subsetting Library Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fontsub.dll. The...
Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...
Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...
The vulnerability of the page handler /login_disconnect/current_admins in the FortiOS operating system allows a hacker to upload arbitrary files to the device.
The vulnerability of the /login_disconnect/current_admins page handler in the FortiOS operating system is related to access control errors. Exploiting this vulnerability allows a malicious actor to upload arbitrary files to a device using specially crafted POST requests...
Microsoft Windows Font Subsetting Library Double Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within fontsub.dll. The...
[slackware-security] kdelibs
New kdelibs packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/kdelibs-4.14.38-i586-1slack14.2.txz: Upgraded. kconfig: malicious .desktop files and others would execute code. For more information...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
procps: Local privilege escalation in top
If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of...