Adobe Acrobat Pro DC WebLink borderWidth Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Buffer Overflow Vulnerability in Adobe Acrobat and Reader

Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. Adobe Acrobat and Reader have a heap buffer overflow vulnerability that can be exploited ...

Memory corruption vulnerability in Adobe Acrobat and Reader (CNVD-2018-26530)

Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. Adobe Acrobat and Reader memory corruption vulnerabilities, attackers can control the...

CVE-2018-6983

VMware Workstation 15.x before 15.0.2 and 14.x before 14.1.5 and Fusion 11.x before 11.0.2 and 10.x before 10.1.5 contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host...

CVE-2018-17913

A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application...

DEBIAN-CVE-2018-14651

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...

glusterfs: glusterfs server exploitable via symlinks to relative paths

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes vi...

PT-2018-4930 · Unknown +2 · Cfme +3

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided. Description: A code injection flaw was found in the way capacity and utilization imported control files are processed. This could allow a remote, authenticated attacker with access to t...

Code injection

LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process...

CVE-2018-6974

VMware ESXi 6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG, Workstation 14.x before 14.1.3 and Fusion 10.x before 10.1.3 contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host...

CVE-2018-6974

VMware ESXi 6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG, Workstation 14.x before 14.1.3 and Fusion 10.x before 10.1.3 contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host...

Foxit Reader XFA TimeField resolveNode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

openSUSE Security Update : ghostscript (openSUSE-2018-1122)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : - CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 - CVE-2018-15909: Prevent type...

CVE-2018-15430

A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based...

Input validation

A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...

CVE-2018-0422

A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a...

(0Day) Fuji Electric Alpha5 Smart Loader A5P File Parsing Buffer Overflow Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Fuji Electric Alpha Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVE-2018-12168

Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access...

CVE-2018-12150

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access...