2841 matches found
Fedora 26 : subversion (2017-951b6a78d4)
This update includes the latest stable release of Apache Subversion, version 1.9.7. Client-side bugfixes : - Fix arbitrary code execution vulnerability CVE-2017-9800 See for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
SUSE-SU-2017:2163-1 Security update for subversion
This update for subversion fixes the following issue: - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using https:// (bsc#1011552). - CVE-2017-9800: client code execution via argument injection in SSH URL (bnc#1051362)...
Hewlett Packard Enterprise Intelligent Management Center iccSelectDymicParam Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SUSE SLED12 Security Update : puppet (SUSE-SU-2017:2113-1)
This update for puppet fixes the following issues: Security issue fixed : - CVE-2017-2295: Possible code execution vulnerability where an attacker could force YAML deserialization in an unsafe manner. By default, this update breaks backwards compatibility with Puppet agents older than 3.2.2 as...
Remote code execution
Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET...
KB4034662: Security update for Adobe Flash Player (August 2017)
The remote Windows host is missing security update KB4034662. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website...
MGASA-2017-0243 Updated freerdp packages fix security vulnerabilities
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...
RVM Code Execution Vulnerability
RVM is a Ruby version management command line tool that supports the installation and management of multiple Ruby environments including compilers. A code execution vulnerability exists in RVM 1.28.0 and earlier versions. An attacker can exploit the vulnerability to execute code...
Juniper Junos Code Execution Vulnerability (CNVD-2017-21778)
Juniper Junos is a network operating system dedicated to the company's hardware systems. A code execution vulnerability exists in the Juniper Junos SNMP service that can be exploited by a remote attacker to submit a special request and execute arbitrary code...
Security Update for Microsoft Excel 2016 (KB3203477) 32-Bit Edition
A security vulnerability exists in Microsoft Excel 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Debian DLA-1014-1 : libclamunrar security update
It was discovered that there was an arbitrary code execution vulnerability in libclamunrar, a library to add unrar support to the Clam anti-virus software. This was caused by an integer overflow resulting in a negative value of the DestPos variable, which allows the attacker to write out of bounds...
AMAX Winmail Server Code Execution Vulnerability
AMAX Winmail Server is a set of mail server software from AMAX Group. The software supports SMTP, POP3, WEBMAIL, anti-virus, SMTP authentication and remote control and other functions. A security vulnerability exists in AMAX Winmail Server version 6.1. A remote attacker can exploit the...
SUSE-SU-2017:1391-1 Security update for samba
This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. (CVE-2017-7494, bso#12780, bsc#1038231)...
GNU Bash code execution vulnerability in path completion (CVE-2017-5932)
1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash's built-in path completion by hitting the Tab...
Adobe Flash Player Code Execution Vulnerability (CNVD-2017-06317)
Adobe Flash Player is a software developed by Adobe, Inc. and is a widely used, proprietary multimedia program player. A code execution vulnerability exists in Adobe Flash Player, which can be exploited by an attacker to execute arbitrary code to compromise an affected system...
OPENSUSE-SU-2017:0961-1 Security update for ffmpeg
This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2016-10190: remote code execution vulnerability 1 - libavformat/http.c boo1022920 Detailed ChangeLog: - 3.1.6: https://github.com/FFmpeg/FFmpeg/blob/e08b1cf2df8cfdb3394aa5ab0320739f8b5a1c4f/Changelog - 3.2.4:...
OPENSUSE-SU-2017:0958-1 Security update for ffmpeg
This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2016-10190: remote code execution vulnerability 1 - libavformat/http.c boo1022920 Detailed ChangeLog: - 3.1.6: https://github.com/FFmpeg/FFmpeg/blob/e08b1cf2df8cfdb3394aa5ab0320739f8b5a1c4f/Changelog - 3.2.4:...
Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration isDHCP6_data Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...
Code Execution Vulnerability Found in Libpurple IM Library
A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. A researcher who goes ...
Microsoft Edge JavaScript Parsing Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...