The vulnerability of the form development tool for data input based on XML, Microsoft InfoPath, arises from errors in object processing in memory, allowing attackers to execute arbitrary code.

The vulnerability of the form development tool for input data based on XML is due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file...

The vulnerability of the Microsoft Office software arises from an operation that goes beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the Microsoft Office suite arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file, from a remote location...

SUSE-SU-2018:1765-1 Security update for ntp

This update for ntp fixes the following issues: - Update to 4.2.8p11 bsc1082210: CVE-2016-1549: Sybil vulnerability: ephemeral association attack. While fixed in ntp-4.2.8p7, there are significant additional protections for this issue in 4.2.8p11. CVE-2018-7182: ctlgetitem: buffer read overrun...

zsh: buffer overrun in symlinks

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected i...

Security Bulletin: Tivoli Management Framework is affected by the following OpenSSL vulnerabilities: CVE-2014-3508 CVE-2014-5139 CVE-2014-3509 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 (POODLE Attack) CVE-2014-3567 CVE-2014-3568.

Summary Tivoli Management Framework is affected by the following OpenSSL vulnerabilities: CVE-2014-3508 CVE-2014-5139 CVE-2014-3509 CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3510 CVE-2014-3511 CVE-2014-3512 CVE-2014-3513 CVE-2014-3566 POODLE Attack CVE-2014-3567 CVE-2014-3568...

Security Bulletin: TSM Client GUI local hang (CVE-2014-0876)

Summary An IBM Tivoli Storage Manager TSM client local vulnerability can cause the crash or hang of certain Java GUI functions. Vulnerability Details CVE ID: CVE-2014-0876 Description: A local buffer overrun in the IBM Tivoli Storage Manager TSM Windows and Macintosh backup-archive client Java GU...

Security Bulletin: IBM Tealeaf Customer Experience is affected by a vulnerability in OpenSSL (CVE-2014-3511, CVE-2014-3512)

Summary IBM Tealeaf Customer Experience is affected by a vulnerability in OpenSSL that could cause a protocol downgrade attack or a buffer overrun attack. Vulnerability Details CVEID: CVE-2014-3511 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the...

Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerabilities (USN-3685-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3685-1 advisory. Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discovered...

USN-3685-1 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities

Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. CVE-2017-0898 It was discovered that Ruby incorrectly...

USN-3685-1: Ruby vulnerabilities

Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases. It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. CVE-2017-0898 It was discovered that Ruby incorrectly...

The vulnerability of Internet Explorer browsers, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the Internet Explorer browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine lies in memory object handling errors, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Edge browser and the JavaScript scenario handler ChakraCore arises due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine lies in memory object handling errors, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Edge browser and the JavaScript scenario handler ChakraCore arises due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

The vulnerability of JavaScript script handlers in Internet Explorer arises from errors in memory object handling, allowing attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Internet Explorer arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page...

Vulnerability of the SvoxSsmlParser and startElement functions in the Android operating system, allowing attackers to escalate their privileges and execute arbitrary code.

The vulnerability of the SvoxSsmlParser and startElement functions in the android operating system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to increase their privileges and execute arbitrary code using a specially...

The vulnerability of JavaScript script handlers in Internet Explorer allows a perpetrator to execute arbitrary code.

The vulnerability of JavaScript script handlers in Internet Explorer arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page...

The vulnerability of Microsoft Edge browser and the ChakraCore JavaScript engine handler, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Edge browser and the JavaScript scenario handler ChakraCore arises due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

The vulnerability of Microsoft Internet Explorer arises from errors in memory object handling, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Internet Explorer arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

The vulnerability of Microsoft Internet Explorer, related to the execution of operations beyond the buffer in memory, allows an attacker to execute arbitrary code.

The vulnerability of Microsoft Internet Explorer arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...

The vulnerability of the Qualcomm operating system Android allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Android operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...