Quest Privilege Manager Elevation of Privilege Vulnerability
Quest Privilege Manager is a comprehensive solution for user privilege management that provides the core functionality needed to quickly elevate and manage user and administrative privileges. pmmasterd is one of the encryption programs. A security vulnerability exists in pmmasterd in Quest...
Google Android Framework APIs elevation of privilege vulnerability (CNVD-2017-08230)
Google Android is a Linux-based operating system for smartphone devices. An elevation of privilege vulnerability exists in the Google Android Framework APIs, which can be exploited by remote attackers to build malicious applications, execute arbitrary code, and elevate privileges...
Google Android Mediaserver elevation of privilege vulnerability (CNVD-2017-06872)
Google Android is a Linux-based operating system for smartphone devices. A security vulnerability exists in Google Android Mediaserver, which can be exploited by remote attackers to build malicious applications, execute arbitrary code, and elevate privileges...
Advantech WebAccess Directory Traversal Vulnerability (CNVD-2017-06980)
Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A directory traversal vulnerability exists in Advantech...
Linux Kernel Heap Buffer Overflow Vulnerability (CNVD-2017-06742)
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. The Linux kernel suffers from a heap buffer overflow vulnerability that can be exploited by a local attacker to execute arbitrary code on an affected system. A failed exploit...
The vulnerability of the iOS operating system, which allows a hacker to execute arbitrary code
The vulnerability of the WebKit component of the iOS operating system arises from the distribution and initialization of resources using incompatible types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Adobe Reader DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2016-8235
Privilege escalation in Lenovo Customer Care Software Development Kit CCSDK versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges...
Code injection
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/apptheme/libs/savefile.php" and then execute code...
Google Android Mediaserver Code Execution Vulnerability (CNVD-2017-04725)
Google Android is a mobile operating system based on the Linux open kernel. Google Android suffers from a security vulnerability in the Mediaserver implementation, which allows remote attackers to exploit the vulnerability to construct special media files and trick users into parsing them, which...
Apple iOS WebKit memory corruption vulnerability (CNVD-2017-05602)
Apple iOS is an operating system for Apple smart devices. A memory corruption vulnerability exists in WebKit used by Apple iOS, which allows attackers to exploit the vulnerability to build malicious web pages that can be clicked on by users, which can crash the application or execute arbitrary co...
Apple iOS WebKit memory corruption vulnerability (CNVD-2017-05603)
Apple iOS is an operating system for Apple smart devices. A memory corruption vulnerability exists in WebKit used by Apple iOS, which allows attackers to exploit the vulnerability to build malicious web pages that can be clicked on by users, which can crash the application or execute arbitrary co...
WebKit memory corruption vulnerability in multiple Apple products (CNVD-2017-04675)
Apple iOS, Safari, and tvOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; and tvOS is an operating system for smart TVs. WebKit is an open source web...
Drupal 8.x < 8.2.7 Multiple Vulnerabilities (SA-2017-001)
The version of Drupal running on the remote web server is 8.x prior to 8.2.7. It is, therefore, affected by multiple vulnerabilities: - A security bypass vulnerability exists in the editor module due to a failure to properly check access restrictions when adding private files with a configur...
Google Chrome ANGLE Memory Misreference Vulnerability
Google Chrome is a popular web browser. A memory misreference vulnerability exists in Google Chrome ANGLE, which allows remote attackers to build malicious web pages that a user can be tricked into parsing, which can crash the application or execute arbitrary cod...
Ubuntu: Security Advisory (USN-3232-1)
The remote host is missing an update for the...
KLA10979 Multiple vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service. Below is a complete list of vulnerabilitie...
gdk-pixbuf 'make_available_at_least' function denial of service vulnerability
gdk-pixbuf is a toolkit for image loading and pixel buffer processing. A security vulnerability in the gdk-pixbuf 'make_available_at_least' function allows remote attackers to build malicious files that can be exploited to trick an application into parsing, which can crash the application or execute...
Ubuntu: Security Advisory (USN-3222-1)
The remote host is missing an update for the...
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...