7636 matches found

Zero Day Initiative
added 2019/07/05 12:0 a.m. | 34 views

Foxit Reader Format String Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...

CVSS 5.5 | AI score 0.9 | EPSS 0.05834
Exploits 0 | References 1

Zero Day Initiative
added 2019/07/05 12:0 a.m. | 25 views

Foxit Reader Text removeField Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method...

CVSS 7.8 | AI score 2.3 | EPSS 0.07711
Exploits 0 | References 1

Zero Day Initiative
added 2019/07/04 12:0 a.m. | 26 views

Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within msado15.dll. B...

CVSS 5 | AI score 3.3 | EPSS 0.05524
Exploits 0 | References 1

BDU FSTEC
added 2019/06/26 12:0 a.m. | 4 views

The vulnerability in the web interface of the Cisco IOS XE operating system allows a hacker to perform arbitrary actions in the context of the current user.

The vulnerability of the Cisco IOS XE operating system’s web interface is related to the lack of authentication for the requests being executed. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on behalf of the current user, using a specially crafted link...

CVSS 10 | AI score 5.6 | EPSS 0.00974
Exploits 0 | References 2 | Affected Software 1

Slackware Linux
added 2019/06/21 6:54 a.m. | 56 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-thunderbird-60.7.2-i686-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. For mor...

CVSS 8.8 | AI score 0.5 | EPSS 0.37951
Exploits 7

Mageia
added 2019/06/21 1:7 a.m. | 40 views

Updated git packages fix security vulnerability

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run-command API and run-command.c, because there was a dangerous change from execvp to execv during 2017 (CVE-2018-19486)...

CVSS 9.8 | AI score 2.1 | EPSS 0.0412
Exploits 0 | References 1

Zero Day Initiative
added 2019/06/20 12:0 a.m. | 26 views

Phoenix Contact Automationworx BCP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Phoenix Contact Automationworx. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS 7.8 | AI score 4.6 | EPSS 0.03707
Exploits 0 | References 1

Microsoft KB
added 2019/06/20 12:0 a.m. | 4 views

Update for Windows Server 2008 SP2: June 20, 2019

Update for Windows Server 2008 SP2: June 20, 2019 Summary This update for Windows Server 2008 SP2 includes the quality improvements from KB4503287 released June 11, 2019, in addition to these key changes: Addresses an issue that may display the error, “MMC has detected an error in a snap-in and...

AI score 6.8
Exploits 0

Zero Day Initiative
added 2019/06/17 12:0 a.m. | 25 views

Microsoft Windows gdiplus Font Parsing Uninitialized Pointer Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 4.1 | EPSS 0.06645
Exploits 0 | References 1

Veracode
added 2019/06/13 2:30 a.m. | 21 views

Remote Code Execution (RCE)

ChakraCore is vulnerable to remote code execution (RCE). This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user...

CVSS 7.5 | AI score 7.8 | EPSS 0.02403
Exploits 0 | References 3 | Affected Software 2

Zero Day Initiative
added 2019/06/13 12:0 a.m. | 21 views

Panasonic Control FPWIN PRO Project File Parsing sc_app Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 5.9 | EPSS 0.06853
Exploits 0 | References 1

Zero Day Initiative
added 2019/06/13 12:0 a.m. | 24 views

Panasonic Control FPWIN PRO Project File Parsing ctreestd Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Control FPWin Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 5.7 | EPSS 0.06853
Exploits 0 | References 1

OSV
added 2019/06/12 2:29 p.m. | 3 views

CVE-2019-1043

A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability coul...

CVSS 6.4 | AI score 7.7 | EPSS 0.03029
Exploits 0 | References 2

OSV
added 2019/06/12 2:29 p.m. | 2 views

CVE-2019-1038

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

CVSS 7.5 | AI score 7.9 | EPSS 0.03316
Exploits 0 | References 2

CNVD
added 2019/06/12 12:0 a.m. | 1 views

Microsoft Edge and ChakraCore Buffer Overflow Vulnerability (CNVD-2019-18617)

Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation. ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...

CVSS 7.6 | AI score 7.5 | EPSS 0.02403
Exploits 0 | References 1

Microsoft CVE
added 2019/06/11 7:0 a.m. | 28 views

Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

CVSS 7.6 | AI score 1.4 | EPSS 0.0256
Exploits 0

Zero Day Initiative
added 2019/06/11 12:0 a.m. | 27 views

Adobe Flash Player LocalConnection Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 7.5 | AI score 2.4 | EPSS 0.05504
Exploits 0 | References 1

Zero Day Initiative
added 2019/06/11 12:0 a.m. | 19 views

Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 2.3 | EPSS 0.04314
Exploits 0 | References 1

Zero Day Initiative
added 2019/06/11 12:0 a.m. | 38 views

Microsoft Word DOCX Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS 3.3 | AI score 2.4 | EPSS 0.04885
Exploits 0 | References 1

Zero Day Initiative
added 2019/06/11 12:0 a.m. | 25 views

Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 2.3 | EPSS 0.04314
Exploits 0 | References 1