CVE-2018-0690

An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files...

CVE-2018-0686

Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier allows remote authenticated attackers to upload and execute any executable files via unspecified vectors...

CVE-2018-0690

An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files...

CVE-2018-0686

Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier allows remote authenticated attackers to upload and execute any executable files via unspecified vectors...

CVE-2018-0690

CVE-2018-0690 affects Sony Music Center for PC prior to 1.0.02, where the software update process does not validate updates securely. This enables a man-in-the-middle attacker to tamper with an update file and inject executable files during the update, potentially leading to code execution on the...

CVE-2018-15437 Cisco Immunet and Cisco AMP for Endpoints System Scan Denial of Service Vulnerability

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection AMP for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could allow executable files to be launched on the system...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:2322-2)

This update for MozillaFirefox to version ESR 52.9 fixes the following issues : CVE-2018-5188: Various memory safety bugs bsc1098998 CVE-2018-12368: No warning when opening executable SettingContent-ms files CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12365:...

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

CVE-2018-12368

CVE-2018-12368 describes a policy bypass where Windows 10 does not warn before opening SettingContent-ms files, enabling a WebExtension with downloads.open to execute arbitrary code without user interaction. Connected advisories confirm the issue affects Windows 10 and Mozilla products (Thunderbi...

CVE-2018-12368

Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...

Input validation

Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products...

UBUNTU-CVE-2018-17360

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfdgetl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executabl...

CVE-2018-6690

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control MACC 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system...

Design/Logic Flaw

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable EXE or dynamical...

Design/Logic Flaw

AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files...

CVE-2018-14791

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products...

Input validation

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

CVE-2018-14795

DeltaV DCS Workstations (Emerson) are affected by CVE-2018-14795 due to improper path validation (Relative Path Traversal). Affected products are DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5. The vulnerability can allow an attacker to replace executable files. Public advisories/records ...