Hewlett Packard Enterprise Operations Orchestration Central-Remoting Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the central-remoting servlet. The issue lies in th...
CVE-2017-10952
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the save...
Microsoft Edge Scripting Engine Memory Corruption (CVE-2017-8634)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is in the way that Microsoft browser JavaScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the conte...
The vulnerability in the JavaScript kernel of Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability in the Microsoft Edge JavaScript kernel is caused by an operation going beyond the buffer boundaries in memory (memory corruption due to a script error). Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, as a resul...
The vulnerability in the JavaScript kernel of Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability in the Microsoft Edge JavaScript kernel is caused by an operation going beyond the buffer boundaries in memory (memory corruption in the kernel). Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, as a result of...
The vulnerability in the JavaScript kernel of Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability in the Microsoft Edge JavaScript kernel is caused by an operation going beyond the buffer boundaries in memory (memory corruption due to a script error). Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, as a resul...
The vulnerability of object handlers in Internet Explorer’s memory allows a hacker to execute arbitrary code.
The vulnerability of object handlers in Internet Explorer’s memory is caused by an operation that goes beyond the buffer boundaries in memory (violation of access control to memory objects). Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the curre...
The vulnerability in the JavaScript engine of Microsoft Edge and Internet Explorer allows a hacker to execute arbitrary code.
The vulnerability in Microsoft Edge and Internet Explorer JavaScript engines arises from an operation that goes beyond the buffer boundaries in memory (memory corruption due to script execution). Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the...
(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2017-11159
Multiple untrusted search path vulnerabilities in the installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the...
DEBIAN-CVE-2017-12938
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...
The vulnerability of the autonomous configuration tool for the visualization and control system “U.motion Builder” relates to deficiencies in path name restriction, allowing attackers to execute arbitrary code.
The vulnerability of the autonomous configuration tool for the U.motion Builder visualization and control system relates to deficiencies in path name restriction. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code with the privileges of the...
(0Day) Foxit Reader launchURL Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within app.launchURL metho...
[slackware-security] xorg-server
New xorg-server packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/xorg-server-1.18.3-i586-3slack14.2.txz: Rebuilt. This update fixes two security issues: A user...
UBUNTU-CVE-2017-10140
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...
[slackware-security] libsoup
New libsoup packages are available for Slackware 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libsoup-2.52.2-i586-3slack14.2.txz: Rebuilt. Fixed a chunked decoding buffer overrun that could be exploited against either...
[slackware-security] git
New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/git-2.14.1-i586-1slack14.2.txz: Upgraded. Fixes security issues: A "ssh://..." URL can result in a "ssh"...
Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the...