grunt-images remote code execution vulnerability

grunt-images is a grunt plugin for working with images. A security vulnerability exists in grunt-images that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an attacker-controll...

DEBIAN-CVE-2017-12194

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

CVE-2017-8211

The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has...

Advantech WebOP Designer Heap Buffer Overflow Vulnerability

Advantech WebOP is an operator panel product. A heap buffer overflow vulnerability exists in Advantech WebOP Designer, which could be exploited by a remote attacker to submit a special request that could crash the application or execute arbitrary code...

IrfanView FPX plugin buffer overflow vulnerability (CNVD-2017-15681)

IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. FPX Plugin is one of the programmable interface extensions. A buffer overflow vulnerability exists in IrfanView...

samba: Loading shared modules from any path in the system leading to RCE (SambaCry)

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root...

CVE-2016-8468

An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform...

Lenovo Accelerator Application Man-in-the-Middle Attack Vulnerability

Lenovo Accelerator Application is a set of accelerator programs from the Chinese company Lenovo Lenovo designed specifically for Intel chipsets. A man-in-the-middle attack vulnerability exists in the UpdateAgent in the Lenovo Accelerator Application. The vulnerability can be exploited to conduct ...

Apple Safari WebKit Memory Corruption Arbitrary Code Execution Vulnerability (CNVD-2015-08092)

Apple Safari is a WEB browser developed by Apple. An unspecified memory corruption arbitrary code execution vulnerability exists in Apple Safari WebKit, which allows remote attackers to construct a malicious web page and trick users into parsing it, which could crash the application or execute...

Kaspersky Internet Security File Deshelling Buffer Overflow Vulnerability

Kaspersky Internet Security is an Internet security suite. Kaspersky Internet Security handles file stripping with a security vulnerability that allows an attacker to construct malicious files and trick users into parsing them, which can crash applications or execute arbitrary code...

Apple QuickTime Memory Corruption Vulnerability (CNVD-2015-04259)

Apple QuickTime is a popular multimedia player. A vulnerability in Apple QuickTime's handling of special movie files allows remote attackers to construct malicious files that can be tricked into being parsed by an application, which can execute arbitrary code in the application context...

Microsoft Windows Kernel Bitmap Processing Memory Misreference Vulnerability

Microsoft Windows is a popular operating system. A memory misreference vulnerability exists in the Microsoft Windows kernel processing bitmap, which allows local attackers to exploit the vulnerability to execute arbitrary code with elevated privileges...

OpenLiteSpeed Buffer Overflow Denial of Service Vulnerability

OpenLiteSpeed is a high performance, lightweight, open source HTTP server. OpenLiteSpeed suffers from a heap buffer overflow vulnerability that could be exploited by a remote attacker to submit a special request to crash the application or execute arbitrary code...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2015-03101)

Microsoft Internet Explorer is a WEB-based browser. An unspecified memory corruption vulnerability exists in Microsoft Internet Explorer, which could be exploited by a remote attacker to construct a malicious web page that could be parsed by the user, causing the application to crash or execute...

JGroups: Authentication via cached credentials

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information diagnostic information and execute arbitrary code by reusing valid credentials...

DEBIAN-CVE-2013-4112

The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information diagnostic information and execute arbitrary code by reusing valid credentials...

Checks for MS HOTFIX for snmp buffer overruns

There is an Unchecked Buffer in SNMP Service and this checks to see if the Microsoft Patch has been applied only checks NT/Win2k and XP PRo. Impact of vulnerability: Run code of attacker's choice and denial of service attacks. Also may run snmp detect to see if snmp is running on this host. OpenV...

Microsoft Internet Explorer 5.01, 5.5, 6.0 Cumulative Patch (890923, MS05-020)

The July 2004 Cumulative Patch for IE is not applied on the remote host. SPDX-FileCopyrightText: 2002 Michael Scheidell Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only Also supersedes...

Microsoft Security Bulletin MS03-014: Cumulative Patch for Outlook Express (330994)

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------- Title: Cumulative Patch for Outlook Express 330994 Date: 23 April 2003 Software: Microsoft c Outlook Express Impact: Run code of the attacker's choice on a user's machine. Max Risk: Critica...

Security Bulletin MS01-042

---------------------------------------------------------------------- Title: Windows Media Player .NSC Processor Contains Unchecked Buffer Date: 26 July 2001 Software: Windows Media Player 6.4, 7, and 7.1 Impact: Run code of attacker's choice. Bulletin: MS01-042 Microsoft encourages customers to...