CVE-2018-5223

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...

CVE-2018-5224

CVE-2018-5224 affects Atlassian Bamboo on Windows. The issue arises from improper handling of Mercurial repository URIs, allowing an attacker with repository/plan permissions to execute arbitrary code on vulnerable Bamboo Windows hosts. Affected versions are Bamboo 2.7.0–6.3.2 and 6.4.0–6.4.1 on ...

CVE-2018-0891

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due ...

Microsoft Windows and Macrovision SafeDisc secdrv.sys driver memory misreference vulnerability

Microsoft Windows Vista, etc. are a series of operating systems released by Microsoft Corporation, U.S.A. Macrovision SafeDisc is a suite of copy protection programs for Windows applications and games distributed on CD-ROMs from the U.S.A. Macrovision. secdrv. sys is one of the drivers used by...

Microsoft Windows NTFS Elevation of Privilege Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. NTFS is one of the file systems. An elevation of privilege vulnerability exists in Microsoft Windows NTFS, which arises from a program's failure to properly handle objects. A local attacker can exploi...

Vyaire Medical CareFusion Upgrade Utility Privilege Elevation

Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems is a utility program for upgrading ventilator firmware based on the Windows XP platform from Vyaire Medical, USA. A security vulnerability exists in Vyaire Medical CareFusion Upgrade Utility 2.0.2.2 and earlier versions for...

Input validation

DISPUTED In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce...

Input validation

DISPUTED In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e010. NOTE: the vendor reported that they "have not been able to reproduce...

CVE-2018-5275

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVE-2018-5278

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVE-2018-5275

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40E020. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVE-2018-5278

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e00c. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVE-2018-5279

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e02c. NOTE: the vendor reported that they "have not been able to reproduce the issu...

Microsoft Internet Explorer and Edge Memory Corruption Vulnerability (CNVD-2018-00503)

Microsoft Windows 7 SP1, etc. are a series of operating systems released by Microsoft Corporation, U.S.A. Microsoft Edge and Internet Explorer IE are web browsers that come with Windows. The former is the default browser that comes with the latest operating system, Windows 10, and the latter is t...

UBUNTU-CVE-2017-13856

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote...

Microsoft Windows Edge and Microsoft ChakraCore Remote Code Execution Vulnerability (CNVD-2018-00326)

Microsoft Windows 10 and Windows Server 2016 are both products of the American company Microsoft. The former is a set of operating systems for personal computers, and the latter is a set of server operating systems.Edge is the default browser that comes with one of these systems.ChakraCore is the...

Microsoft Windows Internet Explorer scripting remote code execution vulnerability (CNVD-2018-00779)

Microsoft Windows Server 2016 and others are operating systems released by Microsoft Corporation USA.Internet Explorer IE is one of the browsers. scripting engine is one of the scripting engines. A remote code execution vulnerability exists in the scripting engine of IE 9, 10, and 11 in Microsoft...

Microsoft Windows Internet Explorer scripting remote code execution vulnerability (CNVD-2018-00780)

Microsoft Windows 7 SP1 and others are operating systems released by Microsoft Corporation in the U.S. Internet Explorer IE is a web browser that comes with the Windows operating system. scripting engines is one of the JavaScript engine components. A remote code execution vulnerability exists in...

CVE-2017-11890

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handle...

Hackers Exploit Recently Disclosed Microsoft Office Bug to Backdoor PCs

A recently disclosed severe 17-year-old vulnerability in Microsoft Office that lets hackers install malware on targeted computers without user interaction is now being exploited in the wild to distribute a backdoor malware. First spotted by researchers at security firm Fortinet, the malware has...