Lucene search
7636 matches found

RedHat Linux
added 2018/12/10 8:13 a.m. | 3 views

git: Improper handling of PATH allows for commands to be executed from the current directory

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

CVSS 9.8 | AI score 5.8 | EPSS 0.0412
Exploits: 0 | References: 4

Zero Day Initiative
added 2018/12/10 12:0 a.m. | 34 views

OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of...

CVSS 7.8 | AI score 4.9 | EPSS 0.01627
Exploits: 0 | References: 1

Slackware Linux
added 2018/12/08 5:10 a.m. | 28 views

[slackware-security] php

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: Several security bugs have been fixed in this release: Segfault when using convert.quoted-printable-encode filter. Null pointer dereference i...

AI score 7.5
Exploits: 0

Slackware Linux
added 2018/12/06 5:25 a.m. | 62 views

[slackware-security] nettle

New nettle packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: This update fixes a security issue: A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversio...

CVSS 5.7 | AI score 0.6 | EPSS 0.01495
Exploits: 0

RedHat Linux
added 2018/12/05 7:1 p.m. | 3 views

ansible: Inventory variables are loaded from current working directory when running ad-hoc command that can lead to code execution

In ansible it was found that inventory variables are loaded from the current working directory when running an ad-hoc command; these can be under an attacker's control, allowing arbitrary code to run as a result...

CVSS 7.8 | AI score 7.5 | EPSS 0.00485
Exploits: 0 | References: 4

RedHat Linux
added 2018/12/05 7:1 p.m. | 0 views

ansible: ansible.cfg is being read from current working directory allowing possible code execution

It was found that ansible.cfg is being read from the current working directory, which can be made to point to plugin or module paths that are under control of the attacker. This could allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.4 | EPSS 0.00587
Exploits: 0 | References: 4

OSV
added 2018/12/04 5:29 p.m. | 2 views

CVE-2018-12315

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1

VulnCheck KEV
added 2018/11/29 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2018-0798

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802...

CVSS 9.3 | AI score 7.8 | EPSS 0.95121
Exploits: 7 | References: 1

OSV
added 2018/11/23 8:29 a.m. | 3 views

DEBIAN-CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

CVSS 9.8 | AI score 7 | EPSS 0.0412
Exploits: 0 | References: 1

OSV
added 2018/11/23 8:29 a.m. | 4 views

ALPINE-CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

CVSS 9.8 | AI score 7 | EPSS 0.0412
Exploits: 0 | References: 1

UbuntuCve
added 2018/11/23 12:0 a.m. | 41 views

CVE-2018-19486

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory as if '.' were at the end of $PATH in certain cases involving the runcommand API and run-command.c, because there was a dangerous change from execvp to execv during 2017...

CVSS 9.8 | AI score 6.8 | EPSS 0.0412
Exploits: 0 | References: 3

Zero Day Initiative
added 2018/11/23 12:0 a.m. | 25 views

Epic Games Launcher Protocol Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visual Studio with tools for Unreal Engine development installed. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

CVSS 8.8 | AI score 2.6 | EPSS 0.03004
Exploits: 0

Zero Day Initiative
added 2018/11/21 12:0 a.m. | 32 views

OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...

CVSS 7.8 | AI score 3.4 | EPSS 0.00348
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/11/21 12:0 a.m. | 24 views

OMRON CX-Supervisor SCS File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...

CVSS 7.8 | AI score 3.4 | EPSS 0.00348
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/11/21 12:0 a.m. | 24 views

OMRON CX-Supervisor scs File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...

CVSS 7 | AI score 3.4 | EPSS 0.00348
Exploits: 0 | References: 1

OpenVAS
added 2018/11/19 12:0 a.m. | 27 views

Microsoft Project 2010 Remote Code Execution Vulnerability (KB4022147)

This host is missing a critical security update according to Microsoft KB4022147. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 9.3 | AI score 8.1 | EPSS 0.19268
Exploits: 0 | References: 1

CNVD
added 2018/11/16 12:0 a.m. | 2 views

Microsoft Windows Search Remote Code Execution Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft. Search is one of the search components. A remote code execution vulnerability exists in Microsoft Windows Search. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user. A...

CVSS 9 | AI score 9.2 | EPSS 0.16079
Exploits: 0 | References: 1

CNVD
added 2018/11/15 12:0 a.m. | 3 views

Microsoft Excel Remote Code Execution Vulnerability (CNVD-2018-24092)

Microsoft Excel is spreadsheet software in the Office suite from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Excel, which arises from the program's failure to properly handle objects in memory. A remote attacker can exploit the...

CVSS 9.3 | AI score 8 | EPSS 0.19059
Exploits: 0 | References: 1

CNVD
added 2018/11/15 12:0 a.m. | 2 views

Microsoft Project Remote Code Execution Vulnerability

Microsoft Project is a suite of project management solutions for project portfolio management (PPM) and day-to-day work from Microsoft USA. The solution supports the allocation of resources to tasks, progress tracking and budget management. A remote code execution vulnerability exists in Microsoft...

CVSS 9.3 | AI score 8 | EPSS 0.19268
Exploits: 0 | References: 1

CNVD
added 2018/11/15 12:0 a.m. | 4 views

Microsoft Word Remote Code Execution Vulnerability (CNVD-2018-23753)

Microsoft Word is word processing software in the Office suite from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Word, which arises from the program failing to properly handle objects in memory. A remote attacker can exploit the vulnerability...

CVSS 9.3 | AI score 7.9 | EPSS 0.19059
Exploits: 0 | References: 1