1567 matches found
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a speciall...
Memory Corruption Vulnerability in Hollis HT8000 Handling of sh*** Files
HOLLIS Group is a professional automation company integrating R&D, production, sales and technical service. Memory corruption vulnerability exists in the handling of sh files by HELISE HT8000. An attacker can trick a user who has installed HT8000 to open a malicious sh file, which in turn trigger...
Memory Corruption Vulnerability in InotouchEditor
InotouchEditor is an HMI programming software produced by Shenzhen Huichuan Technology Co. InotouchEditor suffers from a memory corruption vulnerability when handling afs project files, which can be exploited by an attacker to gain control of the user's system or crash the program...
The vulnerability of Oracle Java SE’s 2D software platform allows a hacker to gain full control over the application.
The vulnerability of the Oracle Java SE 2D software platform is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker operating remotely to gain full control over the application...
PT-2019-1823 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified). Description: The issue is related to a remote code execution problem in the Chakra scripting engine of Microsoft Edge, caused by a buffer overflow in memory. This could allow an attacker to execu...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware...
Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2017-10356, CVE-2017-10388)
Summary: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to take control of the system. Vulnerability Details: CVEID: CVE-2017-10356 DESCRIPTION: An unspecified vulnerability in Oracle Java SE relate...
Hardcoded credentials
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location...
CVE-2018-18913
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location...
CVE-2018-18913
Opera before 57.0.3098.106 is affected by a DLL Search Order Hijacking vulnerability (CVE-2018-18913). An attacker can craft a ZIP containing an HTML page and a malicious DLL; when the document is opened, Opera searches for shcore.dll and dcomp.dll in the system directory, enabling the attacker t...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data;...
Windows VBScript Engine Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...
Important: kernel
Issue Overview: In the Linux kernel, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system. CVE-2019-8912 Affected...
Important: kernel
Issue Overview: In the Linux kernel, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free (UAF) in sockfs_setattr. A local attacker can use this flaw to escalate privileges and take control of the system. CVE-2019-8912 Affected...
Cisco Releases Security Updates
Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
[SECURITY] Fedora 28 Update: systemd-238-11.gita76ee90.fc28
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...