Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2017-16984)

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Win32k is the 32-bit environment of its operating system. An elevation of privilege vulnerability exists in Win32k in Microsoft Windows, which stems from a failure of the Graphics component to properl...

KLA11070 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper...

CVE-2017-9529

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004efd."...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."...

Stack overflow

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, because of a "Stack Buffer Overrun" issue...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab."...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."...

CVE-2017-9900

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."...

IBM DB2 Buffer Overflow Vulnerability (CNVD-2017-14908)

IBM DB2 Universal Database Server is a commercial relational database system. A buffer overflow vulnerability exists in IBM DB2. A local attacker could exploit this vulnerability to execute arbitrary code...

The vulnerabilities of VMware ESXi, VMware Fusion, VMware Fusion Pro, Vmware Workstation Player, and Vmware Workstation Pro allow attackers to execute arbitrary code.

The vulnerability of VMware ESXi, VMware Fusion, VMware Fusion Pro, Vmware Workstation Player, and Vmware Workstation Pro lies in buffer overflows in SVGA memory. Exploiting this vulnerability allows a local attacker to execute arbitrary code on the host system...

Microsoft Edge Memory Corruption Vulnerability (CNVD-2017-12108)

Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A memory corruption vulnerability exists in Microsoft Edge. A remote attacker can exploit this vulnerability to execute arbitrary code or cause a denial of servic...

Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Out-of-bounds

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple out-of-bounds read vulnerabilities in TrueType Font TTF parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...

CVE-2017-4907

VMware Unified Access Gateway 2.5.x, 2.7.x, 2.8.x prior to 2.8.1 and Horizon View 7.x prior to 7.1.0, 6.x prior to 6.2.4 contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway...

CVE-2017-4908

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...

CVE-2016-8228

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges...

CVE-2017-5688

There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code...

CVE-2017-2306

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device...

The vulnerability of the Android operating system’s kernel subsystem allows a hacker to execute arbitrary code.

The vulnerability of the Android operating system’s kernel subsystem is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code within the kernel context, using a local malware application...

CVE-2017-2514

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted we...