CVE-2017-9529

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004efd."...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab."...

Stack overflow

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, because of a "Stack Buffer Overrun" issue...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."...

CVE-2017-9900

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."...

IBM DB2 Buffer Overflow Vulnerability (CNVD-2017-14908)

IBM DB2 Universal Database Server is a commercial relational database system. A buffer overflow vulnerability exists in IBM DB2. A local attacker could exploit this vulnerability to execute arbitrary code...

Microsoft Edge Memory Corruption Vulnerability (CNVD-2017-12108)

Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A memory corruption vulnerability exists in Microsoft Edge. A remote attacker can exploit this vulnerability to execute arbitrary code or cause a denial of servic...

Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Out-of-bounds

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple out-of-bounds read vulnerabilities in TrueType Font TTF parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...

CVE-2017-4907

VMware Unified Access Gateway 2.5.x, 2.7.x, 2.8.x prior to 2.8.1 and Horizon View 7.x prior to 7.1.0, 6.x prior to 6.2.4 contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway...

CVE-2017-4908

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...

CVE-2016-8228

In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges...

CVE-2017-5688

There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code...

CVE-2017-2306

On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device...

CVE-2017-2514

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted we...

Quest Privilege Manager Elevation of Privilege Vulnerability

Quest Privilege Manager is a comprehensive solution for user privilege management that provides the core functionality needed to quickly elevate and manage user and administrative privileges. pmmasterd is one of the encryption programs. A security vulnerability exists in pmmasterd in Quest...

Google Android Framework APIs elevation of privilege vulnerability (CNVD-2017-08230)

Google Android is a Linux-based operating system for smartphone devices. An elevation of privilege vulnerability exists in the Google Android Framework APIs, which can be exploited by remote attackers to build malicious applications, execute arbitrary code, and elevate privileges...

Google Android Mediaserver elevation of privilege vulnerability (CNVD-2017-06872)

Google Android is a Linux-based operating system for smartphone devices. A security vulnerability exists in Google Android Mediaserver, which can be exploited by remote attackers to build malicious applications, execute arbitrary code, and elevate privileges...

Advantech WebAccess Directory Traversal Vulnerability (CNVD-2017-06980)

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A directory traversal vulnerability exists in Advantech...