VMSA-2018-0022: VMware Workstation and Fusion updates address an out-of-bounds write issue
VMware Security Advisory. Advisory ID: VMSA-2018-0022. Severity: Critical. Synopsis: VMware Workstation and Fusion updates address an...
VMware Horizon Client wswc_sharedMem_shared Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of VMware Horizon Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Insteon Hub Buffer Overflow Vulnerability
The Insteon Hub is an Insteon central controller product from Insteon USA. This product can remotely control light bulbs, wall switches, air conditioners and more in your home. A buffer overflow vulnerability exists in the Insteon Hub using firmware version 1012. An attacker could exploit the...
CVE-2018-14246
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-14311
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...
Intel Quartus II Elevation of Privilege Vulnerability
Intel Quartus II is a suite of software for hardware programming from the American company Intel. An elevation of privilege vulnerability exists in Intel Quartus II versions 11.0 through 15.0. A local attacker could exploit this vulnerability to execute arbitrary code...
Passenger: Multiple Vulnerabilities
Background: Passenger runs and manages your Ruby, Node.js, and Python apps. Description: Multiple vulnerabilities have been discovered in Passenger. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could escalate privileges, execute arbitrary code, cause a...
AVEVA InTouch Buffer Overflow Vulnerability
AVEVA InTouch is an embedded HMI software package from AVEVA Group plc in the UK. The product provides read and write tagging and event monitoring functionality for HMI clients. A security vulnerability exists in AVEVA InTouch. A remote attacker could exploit this vulnerability by sending special...
CVE-2018-3858
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and...
Out-of-bounds
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability...
CVE-2018-0343
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient...
Adobe Acrobat Pro DC U3D PCX Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-4858
A vulnerability has been identified in IEC 61850 system configurator All versions V5.80, DIGSI 5 affected as IEC 61850 system configurator is incorporated All versions V7.80, DIGSI 4 All versions V4.93, SICAM PAS/PQS All versions V8.11, SICAM PQ Analyzer All versions V3.11, SICAM SCC All versions...
Code injection
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user...
CVE-2018-11642
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user...
Microsoft Windows Iexpress Untrustworthy Search Path Vulnerability
Microsoft Windows Iexpress is a tool for compressing CAB files bundled with Windows from Microsoft USA. An untrusted search path vulnerability exists in the self-extracting archive file created in Microsoft Windows Iexpress. The vulnerability can be exploited by an attacker with a malicious DLL i...
CVE-2018-1000533
klaussilveira GitList version = 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in searchTree function that can result in Execute any code as PHP user. This attack appears to be exploitable via Send POST request using search form. This vulnerability appears to...
YARA Buffer Overflow Vulnerability
YARA is a set of tools used to help software researchers identify and categorize malware samples. A security vulnerability exists in the 'yr_execute_code' function of the libyara/exec.c file in YARA. The vulnerability can be exploited by an attacker to execute code out-of-bounds writing with the he...
SECURITY BULLETIN: Webmin as used in IBM QRadar SIEM is vulnerable to Execute code as root. (CVE-2015-2011)
Summary: The xmlrpc.cgi Webmin script allows arbitrary command execution and escalation of privileges. Vulnerability Details: CVE-ID: CVE-2015-2011. Description: IBM QRadar could allow an authenticated user to execute code as root. CVSS Base Score: 8.5. CVSS Temporal Score: See...