7636 matches found
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2018-23217)
Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from a Chakra Scripting Engine memory corruption vulnerability. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects in Microsoft Edge memory. A remote attacker could exploit the...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2018-23216)
Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from a Chakra Scripting Engine memory corruption vulnerability. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects in Microsoft Edge memory. A remote attacker could exploit the...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2018-23214)
Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from a Chakra Scripting Engine memory corruption vulnerability. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects in Microsoft Edge memory. A remote attacker could exploit the...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2018-23263)
Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from a Chakra Scripting Engine memory corruption vulnerability. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects in Microsoft Edge memory. A remote attacker could exploit the...
Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2018-23262)
Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from a Chakra Scripting Engine memory corruption vulnerability. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects in Microsoft Edge memory. A remote attacker could exploit the...
Microsoft Outlook Remote Code Execution Vulnerability (CNVD-2018-23153)
Microsoft Outlook is one of the components of the Microsoft Office software suite, which expands on the functionality of Outlook express that comes with Windows.Outlook has many features that can be used to send and receive e-mail, manage contact information, keep a diary, organize schedules, and...
Microsoft Outlook Remote Code Execution Vulnerability (CNVD-2018-23152)
Microsoft Outlook is one of the components of the Microsoft Office software suite, which expands on the functionality of Outlook express that comes with Windows.Outlook has many features that can be used to send and receive e-mail, manage contact information, keep a diary, organize schedules, and...
Microsoft Outlook Remote Code Execution Vulnerability (CNVD-2018-23151)
Microsoft Outlook is one of the components of the Microsoft Office software suite, which expands on the functionality of Outlook express that comes with Windows.Outlook has many features that can be used to send and receive e-mail, manage contact information, keep a diary, organize schedules, and...
Microsoft Word 2016 Remote Code Execution Vulnerability (KB4461504)
This host is missing an important security update according to Microsoft KB4461504 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Security Updates for Microsoft Excel Products (November 2018)
The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the...
VulnCheck KEV: CVE-2017-11869
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current...
MGASA-2018-0439 Updated ansible package fixes security vulnerabilities
It was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result CVE-2018-10874. It was found that ansible.cfg is being read from the current working directory, which can be...
Slackware 14.1 / 14.2 / current : mariadb (SSA:2018-309-01)
New mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-309-01. The text itself is copyright C Slackware Linux, Inc...
Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-304-01)
New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-304-01. The text itself is copyright C Slackware Linux,...
glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries
elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...
CVE-2018-17620
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-17623
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
zzcms SQL Injection Vulnerability (CNVD-2018-26020)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the admin/tagmanage.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of the...
zzcms SQL Injection Vulnerability (CNVD-2018-26019)
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the zs/zslist.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the current user name of mysql with the help of pxzs cookie...
Microsoft Yammer Desktop Application Remote Code Execution Vulnerability
Microsoft Yammer Desktop Application is a social networking service for businesses from Microsoft USA. A remote code execution vulnerability exists in Microsoft Yammer Desktop Application. A remote attacker can exploit this vulnerability to run arbitrary code in the context of the current user...