Microsoft Windows VBScript Array Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
The vulnerability of the console-based FTP client lftp arises from insufficient validation of input data, allowing a hacker to delete files from the system’s current working directory.
The vulnerability of the console-based FTP client lftp exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to delete files from the current working directory of the system remotely...
CVE-2013-2806
Rockwell Automation RSLinx Enterprise Software LogReceiver.exe CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a...
Apple Safari GraphicsContext Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the GraphicsContext...
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-thunderbird-60.6.1-i686-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more...
CVE-2019-6730
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu metho...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu metho...
[slackware-security] libssh2
New libssh2 packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libssh2-1.8.1-i586-1slack14.2.txz: Upgraded. Fixed several security issues. For more information, see:...
Observations from RSA Conference, 2019
Last week, the 2019 RSA Conference was held with typical energy and exuberance in San Francisco. One of the largest cybersecurity industry conferences, it had over 700 exhibiting vendors not including another 50 in their Early Stage Expo area and over 500 sessions covering a wide range of current...
Microsoft ChakraCore and Microsoft Edge Remote Code Execution Vulnerabilities
Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation. ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...
Microsoft Edge Remote Code Execution Vulnerability (CNVD-2019-16747)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A remote code execution vulnerability exists in Microsoft Edge, which can be exploited by a remote attacker to execute arbitrary code in the context of the current user, resulting in memo...
Microsoft ChakraCore and Edge Remote Memory Corruption Vulnerability
Microsoft Edge is a web browser developed by Microsoft. ChakraCore is the core of the open source Chakra JavaScript scripting engine, which can also be used as a standalone JavaScript engine. A remote memory corruption vulnerability exists in Microsoft ChakraCore and Edge. A remote attacker can...
Windows ActiveX Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the ActiveX Data Objects (ADO) handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
Microsoft Windows Deployment Services TFTP Server Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within WDSTFTP during TFTP read requests. The issue results from the lack of validating the...
Adobe Photoshop GIF Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in parsing of GIF files...
Microsoft Internet Explorer CustomEvent Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Slackware 14.0 / 14.1 / 14.2 / current : ntp (SSA:2019-067-01)
New ntp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2019-067-01. The text itself is copyright (C) Slackware Linux,...
Linux Kernel CVE-2019-9213 NULL Dereferences
By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...
CVE-2019-0613
A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visu...
Unity com.unity3d.kharma Protocol Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler for the...