Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

CVE-2018-16183

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 32bit, Windows 7 64bit, Windows 8 64bit, Windows 8.1 64bit, Windows 10 64bit delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file an...

CVE-2018-16183

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 32bit, Windows 7 64bit, Windows 8 64bit, Windows 8.1 64bit, Windows 10 64bit delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file an...

GNU Binutils 'error' function heap buffer overflow vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A heap buffer overflow vulnerability...

CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

Remote code execution

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

Cross site scripting

Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename...

Design/Logic Flaw

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file...

CVE-2018-19423

Codiad 2.8.4 allows remote authenticated administrators to execute arbitrary code by uploading an executable file...

CVE-2018-19204

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport' is mishandled. The attacker can...

Keybase: Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]

Summary 1. Missing quarantine attribute for downloaded files allows remote attacker to send executable file that won't be checked by Gatekeeper codesign bypass. 2. Since sent executable files lack com.apple.quarantine meta-attribute, no alert about launching executable file from the web will be...

UBUNTU-CVE-2018-18521

Divide-by-zero vulnerabilities in the function arlibaddsymbols in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by eu-ranlib, because a zero shentsize is mishandled...

Security Bulletin: IBM Spectrum LSF is affected by a privilege escalation vulnerability

Summary IBM Spectrum LSF has addressed the following vulnerability. Enhancing the eauth executable file to prevent the preloading of getuid to avoid the users changing their job user at job submission time. Vulnerability Details CVEID:CVE-2018-1724 DESCRIPTION:IBM Spectrum LSF 9.1.1 9.1.2, 9.1.3,...

DEBIAN-CVE-2018-18310

An invalid memory address dereference was discovered in dwflsegmentreportmodule.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service application crash with a crafted ELF file, as demonstrated by considernotes...

JVN#36623716: Music Center for PC improperly verifies software update files

Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process CWE-669. As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. Impact Under a man-in-the-middle attack, a specially crafted fi...

Code injection

Seqrite End Point Security v7.4 has "Everyone: F" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse...

CVE-2018-17775

Seqrite End Point Security v7.4 has "Everyone: F" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse...

CVE-2018-0438

A vulnerability in the Cisco Umbrella Enterprise Roaming Client ERC could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper...

Input validation

A vulnerability in the Cisco Umbrella Enterprise Roaming Client ERC could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper...