SUSE-SU-2018:2401-1 Security update for xen

This update for xen fixes the following security issues: - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...

CVE-2018-3620

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis...

Security Update for Microsoft Excel 2016 (KB4032229) 64-Bit Edition

A security vulnerability exists in Microsoft Excel 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

August 14, 2018—KB4343885 (OS Build 15063.1266)

August 14, 2018—KB4343885 OS Build 15063.1266 Note This release also contains updates for Windows 10 Mobile OS Build 15063.1266 released August 14, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key...

Command execution vulnerability in Fusion K2 router at lanset settings page

The Fusion K2 PSG1218 router is a must-have new generation wireless router for entry-level users. The Fusion K2 router suffers from a command execution vulnerability at the lanset settings page. The vulnerability is due to the backend code failing to properly filter user input ipaddr, which can b...

Code Execution Vulnerability in the File Management System of Laoban CMS Backend

Laoban CMS content management system referred to as: Laoban CMS is developed by Laoban based on PHP + MYSQL environment of the open source station-building system. A code execution vulnerability exists in the background file management of Laoban CMS. An attacker can exploit the vulnerability to...

Command Execution Vulnerability in HP LaserJet Professional P1600 Series Printers

HP LaserJet Professional P1600 is a printer series developed by Hewlett-Packard. A command execution vulnerability exists in the HP LaserJet Professional P1600 series of printers. An attacker could exploit the vulnerability to execute commands and gain server privileges...

CVE-2018-14294

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

FTPShell Client Buffer Overflow (CVE-2009-3364; CVE-2017-6465; CVE-2018-7573)

A remote code execution vulnerability exists in FTPShell Client. The vulnerability is due to incorrect handling of the FTP response command. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

s2-016 Command Execution Vulnerability in Skywalker Secure One-Way Import System

Tianxing Security One-way Import System is a network security product of Beijing Tianxing Net Security Information Technology Co., Ltd. for one-way data transmission across security domains. The product consists of importing preamplifier PAS and importing server IAS, which can provide a...

SUSE-SU-2018:2104-1 Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-606466 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fro...

SUSE-SU-2018:2095-1 Security update for the Linux Kernel (Live Patch 31 for SLE 12)

This update for the Linux Kernel 3.12.61-52119 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

(0Day) Wecon LeviStudioU aetlog TrendSet WordAddr3 Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

(0Day) Wecon LeviStudioU screenhelper Style Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

CVE-2018-1999018

Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...

CVE-2018-5059

Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...

Mutt and NeoMutt Arbitrary Command Execution Vulnerabilities

NeoMutt is a patched version of Mutt, a text-based mail client for Unix-like systems developed by Michael Elkins Software Developers. An arbitrary command execution vulnerability exists in Mutt versions prior to 1.10.1 and NeoMutt versions prior to 2018-07-16, which stems from a failure of mutt t...

Code Execution Vulnerability in Axublog 1.1.2

Axublog is a PHP personal blog system. A code execution vulnerability exists in Axublog 1.1.2, which can be exploited by an attacker to execute remote code...

Security Update for Word Viewer (KB4032214)

A security vulnerability exists in Word Viewer that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

CVE-2018-6831

The setSystemTime function in Foscam Cameras C1 Lite V3, and C1 V3 with firmware 2.82.2.33 and earlier, FI9800P V3, FI9803P V4, FI9851P V3, and FI9853EP V2 2.84.2.33 and earlier, FI9816P V3, FI9821EP V2, FI9821P V3, FI9826P V3, and FI9831P V3 2.81.2.33 and earlier, C1, C1 V2, C1 Lite, and C1 Lite...