798 matches found
About the security content of iCloud for Windows 6.0.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
MS16-025: Security update for Windows library loading to address remote code execution: March 8, 2016
MS16-025: Security update for Windows library loading to address remote code execution: March 8, 2016 Summary This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loadin...
OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1009 The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSH_AGENTC_ADD_SMARTCARD_KEY and SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED if OpenSSH was compiled with the ENABLE_PKCS11 flag (normally enabled) and the age...
OpenSSH Arbitrary Library Loading
OpenSSH: agent protocol permits loading arbitrary libraries CVE-2016-10009 The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSH_AGENTC_ADD_SMARTCARD_KEY and SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED if OpenSSH was compiled with the ENABLE_PKCS11 flag (normally enabled) and the...
CVE-2016-7292
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a...
Privilege escalation
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a...
Security feature bypass
Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
CVE-2016-7275
Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...
Microsoft Office DLL Loading Remote Code Execution Vulnerability
Microsoft Office is an office software suite developed by the U.S. company Microsoft. Commonly used components are Word, Excel, Access, PowerPoint, FrontPage and so on. A remote code execution vulnerability exists in Microsoft Office software that originates from the program...
MS16-149: Security Update for Microsoft Windows (3205655)
The remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in a Windows Crypto driver running in kernel mode due to improper handling of objects in memory. A local attacker can exploit this, via a...
Microsoft Windows Information Disclosure And Elevation of Privilege Vulnerabilities (3205655)
This host is missing a critical security update according to Microsoft Bulletin MS16-149. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Installer Elevation of Privilege (MS16-149: CVE-2016-7292)
An elevation of privilege vulnerability exists in the Windows Installer. The vulnerability is due to the Windows Installer failing to properly sanitize input, leading to an insecure library loading behavior. An attacker could run arbitrary code with elevated system privileges...
KLA10921 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, or gain privileges. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerabilit...
Adobe Flash Player Security Bypass (APSB16-18: CVE-2016-4140)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insecure library loading while handling certain files. A remote attacker could exploit this issue by enticing a user to open a legitimate file that will insecurely load a specially crafted D...
About the security content of iCloud for Windows 6.0.1
About the security content of iCloud for Windows 6.0.1 This document describes the security content of iCloud for Windows 6.0.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...
CVE-2016-7188
The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."...
Windows Diagnostics Hub Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system...
Multiple IBM DB2 Products Local Privilege Escalation Vulnerabilities
IBM DB2 is a relational database management system from IBM in the United States. Multiple IBM DB2 products fail to properly validate input before loading libraries, allowing a local attacker to exploit the vulnerability to gain root privileges by constructing malicious libraries in a...
CVE-2016-3235
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."...