772 matches found

Zero Day Initiative
added 2019/02/12 12:0 a.m. | 27 views

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

7 CVSS | 3.8 AI score | 0.29448 EPSS
Exploits 0 | References 1
RedHat Linux
added 2019/01/16 5:9 p.m. | 153 views

Moderate: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8 CVSS | 7.6 AI score | 0.83 EPSS
Exploits 7 | References 4
Veracode
added 2019/01/15 8:54 a.m. | 23 views

Denial of Service (DoS)

bind is vulnerable to denial of service. An uninitialized data structure is used when DNSSEC validation was enabled, allowing a remote attacker to send a large number of queries to a DNSSEC validating BIND resolver to cause it to exit unexpectedly with an assertion failure...

7.8 CVSS | 8.2 AI score | 0.06693 EPSS
Exploits 1 | References 15 | Affected Software 2
Prion
added 2019/01/13 3:29 p.m. | 19 views

Integer overflow

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leverag...

9 CVSS | 8.8 AI score | 0.15595 EPSS
Exploits 2 | References 4 | Affected Software 2
Zero Day Initiative
added 2019/01/09 12:0 a.m. | 31 views

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

7 CVSS | 3.8 AI score | 0.2236 EPSS
Exploits 4 | References 1
Zero Day Initiative
added 2019/01/09 12:0 a.m. | 27 views

Microsoft Windows JET Database Engine Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

7.8 CVSS | 3.8 AI score | 0.24243 EPSS
Exploits 4 | References 1
Zero Day Initiative
added 2019/01/09 12:0 a.m. | 25 views

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

7 CVSS | 3.8 AI score | 0.24243 EPSS
Exploits 4 | References 1
Zero Day Initiative
added 2019/01/09 12:0 a.m. | 35 views

Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET databa...

7 CVSS | 3.8 AI score | 0.24243 EPSS
Exploits 4 | References 1
NVD
added 2019/01/03 1:29 p.m. | 19 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

6.5 CVSS | 6.4 AI score | 0.0059 EPSS
Exploits 0 | References 11
OSV
added 2019/01/03 1:29 p.m. | 31 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

6.5 CVSS | 6.5 AI score
Exploits 0 | References 11
Debian CVE
added 2019/01/03 1:0 p.m. | 37 views

CVE-2018-20662

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

6.5 CVSS | 7.2 AI score | 0.0059 EPSS
Exploits 0
NVD
added 2018/12/24 4:29 a.m. | 8 views

CVE-2018-20424

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php...

5.9 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits 1 | References 1
Cvelist
added 2018/12/24 4:0 a.m. | 9 views

CVE-2018-20424

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php...

5.8 AI score | 0.00156 EPSS
Exploits 1 | References 1
BDU FSTEC
added 2018/12/13 12:0 a.m. | 2 views

The vulnerability of the WLS Core Components of the WebLogic Server application server allows a hacker to gain full control over the application.

The vulnerability of the WLS Core Components of the WebLogic Server application server is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker operating remotely to gain full control over the application using the T3 protocol...

9.8 CVSS | 8.1 AI score | 0.94422 EPSS
Exploits 68 | References 8 | Affected Software 1
Zero Day Initiative
added 2018/12/12 12:0 a.m. | 16 views

Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

4.3 CVSS | 2.9 AI score | 0.01917 EPSS
Exploits 0 | References 1
OSV
added 2018/12/08 4:29 a.m. | 2 views

ALPINE-CVE-2018-19966

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorre...

8.8 CVSS | 7 AI score | 0.00123 EPSS
Exploits 1 | References 1
Debian CVE
added 2018/12/08 4:0 a.m. | 57 views

CVE-2018-19966

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorre...

8.8 CVSS | 5.6 AI score | 0.00123 EPSS
Exploits 1
Cvelist
added 2018/12/08 4:0 a.m. | 28 views

CVE-2018-19966

An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorre...

7.6 AI score | 0.00123 EPSS
Exploits 1 | References 6
Tenable Nessus
added 2018/11/21 12:0 a.m. | 48 views

EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1370)

According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: A flaw was found in the Linux Kernel in the ucma_leave_multicast function in drivers/infiniband/core/ucma.c which allows access to a...

7.8 CVSS | 7 AI score | 0.00029 EPSS
Exploits 0 | References 2
Exploit DB
added 2018/11/16 12:0 a.m. | 87 views

Linux - Broken uid/gid Mapping for Nested User Namespaces

commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switching to a different data structure if the number of mappings exceeds 5: Instead of linear search over an unsorted array of...

7 CVSS | 7.3 AI score | 0.09389 EPSS
Exploits 24