MS15-019: Description of the security update for VBScript 5.7 Scripting Engine: March 10, 2015

MS15-019: Description of the security update for VBScript 5.7 Scripting Engine: March 10, 2015 Summary This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted...

Microsoft Office Graphics Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delet...

Microsoft JET Database Engine Remote Code Execution Vulnerability

A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or...

Microsoft Malware Protection Engine Remote Code Execution (CVE-2018-0986)

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption .An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the Local Syst...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...

Drupal Releases Critical Security Updates

Drupal has released critical updates addressing a vulnerability in Drupal 8, 7, and 6. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates...

Default configuration

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system...

CVE-2018-7533

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system...

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities (APSB18-05) - Windows

Adobe Flash Player is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Windows Desktop Bridge VFS Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Desktop Bridge VFS does not take into acccount user/kernel mode when managing file paths. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;...

Microsoft Releases March 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Microsoft's March 2018 Security Update Summary and...

Microsoft Access CVE-2018-0903 Remote Code Execution Vulnerability

Description Microsoft Access is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and...

Adobe Acrobat 2017 Multiple Vulnerabilities (APSB18-02) - Windows

Adobe Acrobat 2017 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat";...

Adobe Acrobat DC (Continuous Track) Multiple Vulnerabilities (APSB18-02) - Mac OS X

Adobe Acrobat DC Continuous Track is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Adobe Acrobat Reader 2017 Multiple Vulnerabilities (APSB18-02) - Windows

Adobe Acrobat Reader 2017 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2018-0125

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The...

Adobe Flash Player Memory Misreference Vulnerability (CNVD-2018-05049)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A memory misreference vulnerability exists in Adobe Flash Player. An attacker can exploit this vulnerability to...

Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Mac OS X

Adobe Flash Player is prone to multiple remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...