The vulnerability of the JavaScript script handler ChakraCore in browsers Internet Explorer and Microsoft Edge allows a hacker to execute arbitrary code.

The vulnerability of the JavaScript script handler ChakraCore in browsers Internet Explorer and Microsoft Edge is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser allows a hacker to execute arbitrary code.

The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

External link injection on 404 pages when linking to the current page.

More info at https://www.drupal.org/SA-CORE-2018-001...

[slackware-security] irssi

New irssi packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/irssi-1.0.7-i586-1slack14.2.txz: Upgraded. This update fixes bugs and security issues. For more information, see:...

Microsoft Outlook Memory Corruption Vulnerability

Microsoft Outlook, etc. are all products of the United States Microsoft Microsoft Corporation.Microsoft Outlook is a set of Office suite of e-mail client software.Office Click-to-Run C2R is a set of office software suite products. A remote code execution vulnerability exists in Microsoft Office...

Microsoft Edge and ChakraCore Remote Memory Corruption Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation.Edge is one of the browsers that comes with the system.ChakraCore is the core of an open source JavaScript engine used in Edge, and can also be used as a stand-alone JavaScript engine. A remote memory corruption...

Microsoft Edge and ChakraCore Remote Memory Corruption Vulnerability (CNVD-2018-03514)

Microsoft Windows is a series of operating systems released by Microsoft.Edge is one of the browsers that comes with the system.ChakraCore is the core of an open-source JavaScript engine used in Edge, and can also be used as a stand-alone JavaScript engine. A remote memory corruption vulnerabilit...

Microsoft Edge and ChakraCore Remote Memory Corruption Vulnerability (CNVD-2018-03517)

Microsoft Windows is a series of operating systems released by Microsoft Corporation.Edge is one of the browsers that comes with the system.ChakraCore is the core of an open source JavaScript engine used in Edge, and can also be used as a stand-alone JavaScript engine. A remote memory corruption...

Microsoft Edge and ChakraCore Remote Memory Corruption Vulnerability (CNVD-2018-03523)

Microsoft Windows is a series of operating systems released by Microsoft Corporation.Edge is one of the browsers that comes with the system.ChakraCore is the core of an open source JavaScript engine used in Edge, and can also be used as a stand-alone JavaScript engine. A memory corruption...

Microsoft Edge scripting engine remote memory corruption vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation.Microsoft Edge is one of the web browsers that comes with the system.scripting engine is one of the JavaScript engine components. A remote memory corruption vulnerability exists in the Microsoft Edge scripting...

Microsoft Office Memory Corruption Vulnerability (CNVD-2018-03530)

Microsoft Office is a series of office software suite products released by Microsoft Corporation in the U.S. Office Word Viewer is a Word file viewer. A remote code execution vulnerability exists in Microsoft Office, which arises from the program's failure to properly handle objects in memory. A...

Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge HTML-based. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who...

ALPINE-CVE-2018-1053

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

Novell NetIQ Access Manager FwRequest Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FwRequest class. The issue results from the lack of proper validation ...

[slackware-security] rsync

New rsync packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/rsync-3.1.3-i586-1slack14.2.txz: Upgraded. This update fixes two security issues: Fixed a buffer overru...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-thunderbird-52.6.0-i586-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more...

Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-024-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-024-01. The text itself is copyright C Slackware Linux,...

The vulnerability of the Microsoft Office software arises from an operation that goes beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft Office suite is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

CVE-2017-16608

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...

Authentication flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...