Microsoft Excel Remote Code Execution Vulnerability (CNVD-2018-08937)
Microsoft Excel is a component of the Microsoft Office suite, a spreadsheet application written and run by Microsoft for computers with Windows and Apple Macintosh operating systems. A remote code execution vulnerability exists in Microsoft Excel. The vulnerability arises...
Microsoft Excel and Office Remote Code Execution Vulnerability
Microsoft Excel is a component of the Microsoft Office suite, a spreadsheet application written and run by Microsoft for computers with Windows and Apple Macintosh operating systems. A remote code execution vulnerability exists in Microsoft Excel and Office. The...
OMRON CX-One CX-Motion wcscpy Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of M...
OMRON CX-One Network Configurator Uz01Eip21 Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of N...
OMRON CX-One CX-FLnet FLN File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of F...
Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2018-08027)
Internet Explorer is a web browser from Microsoft. A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability arises because the software fails to properly access objects in memory. An attacker can exploit the vulnerability to run arbitrary code in the context of t...
glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation
In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination buffer leading to a buffer underflow and potential code execution...
Spotify Music Player URI parsing Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Sophos Endpoint Protection Anti-tamper Protection Mechanism Bypass Vulnerability
Sophos Endpoint Protection helps protect your workstation by adding prevention, detection and response technologies to your operating system. A tamper protection mechanism bypass vulnerability exists in Sophos Endpoint Protection 10.7. A local user can exploit this vulnerability to bypass the...
Apple Safari Spread Operator Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JIT...
Apple Safari TypedArray Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Apple Safari Math sqrt Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JIT...
Apple Safari WebGL BufferSubData Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
[slackware-security] libidn
New libidn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: This update fixes security issues: Fix integer overflow in combinehangul; Fix integer overflow in punycode decoder; Fix...
Slackware 14.2 / current : ruby (SSA:2018-088-01)
New ruby packages are available for Slackware 14.2 and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-088-01. The text itself is copyright (C) Slackware Linux, Inc...
[slackware-security] openssl
New openssl packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2o-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: Constructed ASN.1 types with a recursive definitio...
Slackware 14.2 / current : openssl (SSA:2018-087-01)
New openssl packages are available for Slackware 14.2 and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-087-01. The text itself is copyright (C) Slackware Linux, Inc...
Windows UAC Protection Bypass (Via Slui File Handler Hijack)
This module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary .exe application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file handler...
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-thunderbird-52.7.0-i586-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more...
OMRON CX-Supervisor SCS Alarm Object Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-Supervisor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...