5353 matches found
CVE-2018-15417 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording...
CVE-2018-17611
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service use-after-free because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects...
CVE-2018-17610
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service use-after-free because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects...
CVE-2018-17607
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service use-after-free because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects...
CVE-2018-17611
Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service use-after-free because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects...
Security Bulletin: Vulnerabilities in glibc affect PowerKVM
Summary PowerKVM is affected by vulnerabilities in the GNU C Library aka glibc or libc6. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2018-1000001 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow...
CVE-2018-15832
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI...
CVE-2018-17134
admin/webconfig.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfgauthor field in conjunction with a crafted cfgwebpath field...
CVE-2018-3686
Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access...
CVE-2018-10893
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code...
Microsoft ChakraCore Scripting Engine CVE-2018-8391 Remote Memory Corruption Vulnerability
Description Microsoft ChakraCore Scripting Engine is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsof...
KLA11315 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in System.IO.Pipelines ca...
Ubuntu: Security Advisory (USN-3761-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-16543
It was discovered that the ghostscript gssetresolution and gsgetresolution procedures were available, although they have dangerous side effects. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript...
Nokogiri does not forbid namespace nodes in XPointer ranges
xpointer.c in libxml2 before 2.9.5 as used in nokogiri before 1.7.1 amongst other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free and memory corruption via a crafted XML document...
Microsoft Edge CVE-2018-8377 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Edge Recommendations...
USN-3737-1: GDM vulnerability
A use-after-free was discovered in GDM. A local user could exploit this to cause a denial of service, or potentially execute arbitrary code as the administrator...
CVE-2018-0429
Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service segmentation fault and execute arbitrary code via a crafted non-conformant Thor bitstream...
CVE-2018-3672
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls...
Type confusion
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...