4205 matches found

ThreatPost
added 2017/09/01 10:0 a.m. | 41 views

No Fix Planned For LabVIEW Bug, Says National Instruments

Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...

9.3 CVSS | 2 AI score | 0.30666 EPSS
Exploits 5 | References 5
OSV
added 2017/08/31 7:42 p.m. | 5 views

SUSE-SU-2017:2320-1 Security update for git

This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481)...

8.8 CVSS | 9 AI score | 0.77823 EPSS
Exploits 9 | References 3
CNVD
added 2017/08/25 12:0 a.m. | 4 views

Dokodemo eye Smart HD SCR02HD Arbitrary PHP Code Execution Vulnerability

Dokodemo eye Smart HD SCR02HD is a wireless monitor from NIPPON ANTENNA. The Dokodemo eye Smart HD SCR02HD suffers from an arbitrary PHP code execution vulnerability that can be exploited by an attacker to execute arbitrary PHP code on the product...

8.8 CVSS | 9.2 AI score | 0.01359 EPSS
Exploits 0 | References 1
CNVD
added 2017/08/15 12:0 a.m. | 4 views

Adobe Acrobat/Reader Remote Code Execution Vulnerability (CNVD-2017-28433)

Adobe Reader is a PDF document reading software. Acrobat is a PDF document editing software. Adobe Acrobat Reader has a remote code execution vulnerability in the JavaScript engine when creating larger strings, which can be exploited by attackers to execute arbitrary code...

9.3 CVSS | 9.4 AI score | 0.09362 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2017/08/15 12:0 a.m. | 37 views

Fedora 26 : subversion (2017-951b6a78d4)

This update includes the latest stable release of Apache Subversion, version 1.9.7. Client-side bugfixes : - Fix arbitrary code execution vulnerability CVE-2017-9800 See for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

9.8 CVSS | 7.8 AI score | 0.18892 EPSS
Exploits 3 | References 2
OSV
added 2017/08/14 12:0 p.m. | 5 views

SUSE-SU-2017:2163-1 Security update for subversion

This update for subversion fixes the following issue: - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using https:// (bsc#1011552). - CVE-2017-9800: client code execution via argument injection in SSH URL (bnc#1051362)...

9.8 CVSS | 8.5 AI score | 0.18892 EPSS
Exploits 3 | References 5
Zero Day Initiative
added 2017/08/11 12:0 a.m. | 22 views

Hewlett Packard Enterprise Intelligent Management Center iccSelectDymicParam Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

9 CVSS | 3.2 AI score | 0.0572 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2017/08/10 12:0 a.m. | 39 views

SUSE SLED12 Security Update : puppet (SUSE-SU-2017:2113-1)

This update for puppet fixes the following issues: Security issue fixed : - CVE-2017-2295: Possible code execution vulnerability where an attacker could force YAML deserialization in an unsafe manner. In default, this update breaks a backwards compatibility with Puppet agents older than 3.2.2 as...

8.2 CVSS | 7.2 AI score | 0.02375 EPSS
Exploits 0 | References 4
Prion
added 2017/08/08 9:29 p.m. | 19 views

Remote code execution

Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET...

9.3 CVSS | 8.1 AI score | 0.23659 EPSS
Exploits 0 | References 3 | Affected Software 3
Tenable Nessus
added 2017/08/08 12:0 a.m. | 170 views

KB4034662: Security update for Adobe Flash Player (August 2017)

The remote Windows host is missing security update KB4034662. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website...

9.3 CVSS | 8.4 AI score | 0.22311 EPSS
Exploits 3 | References 5
Cvelist
added 2017/08/06 2:0 a.m. | 20 views

CVE-2017-12581

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do...

8.4 AI score | 0.06693 EPSS
Exploits 1 | References 2
OSV
added 2017/08/03 7:5 p.m. | 9 views

MGASA-2017-0243 Updated freerdp packages fix security vulnerabilities

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...

8.8 CVSS | 6.8 AI score | 0.01826 EPSS
Exploits 6 | References 10
CNVD
added 2017/08/01 12:0 a.m. | 2 views

RVM Code Execution Vulnerability

RVM is a Ruby version management command line tool that supports the installation and management of multiple Ruby environments including compilers. A code execution vulnerability exists in RVM 1.28.0 and earlier versions. An attacker can exploit the vulnerability to execute code...

9.8 CVSS | 9.8 AI score | 0.06176 EPSS
Exploits 1 | References 1
Apple
added 2017/07/19 5:7 a.m. | 49 views

About the security content of watchOS 3.2.3 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

9.8 CVSS | 1 AI score | 0.47537 EPSS
Exploits 5 | Affected Software 1
OpenVAS
added 2017/07/19 12:0 a.m. | 65 views

ManageEngine Desktop Central < 10.0.092 RCE Vulnerability

ManageEngine Desktop Central allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...

9.8 CVSS | 7.7 AI score | 0.4327 EPSS
Exploits 5 | References 1
CNVD
added 2017/07/14 12:0 a.m. | 1 views

Juniper Junos Code Execution Vulnerability (CNVD-2017-21778)

Juniper Junos is a network operating system dedicated to the company's hardware systems. A code execution vulnerability exists in the Juniper Junos SNMP service that can be exploited by a remote attacker to submit a special request and execute arbitrary code...

9.8 CVSS | 8.1 AI score | 0.0363 EPSS
Exploits 0 | References 1
Microsoft Security Update
added 2017/07/11 5:0 p.m. | 15 views

Security Update for Microsoft Excel 2016 (KB3203477) 32-Bit Edition

A security vulnerability exists in Microsoft Excel 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

7.2 AI score
Exploits 0
Tenable Nessus
added 2017/07/06 12:0 a.m. | 30 views

Debian DLA-1014-1 : libclamunrar security update

It was discovered that there was an arbitrary code execution vulnerability in libclamunrar, a library to add unrar support to the Clam anti-virus software. This was caused by an integer overflow resulting in a negative value of the DestPos variable, which allows the attacker to write out of bounds...

7.4 CVSS | 8.1 AI score | 0.0338 EPSS
Exploits 0 | References 3
Prion
added 2017/07/05 8:29 p.m. | 20 views

Design/Logic Flaw

XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::sToolTipsWndProc+0x0000000000000032."...

4.6 CVSS | 7.9 AI score | 0.00364 EPSS
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2017/06/30 12:0 a.m. | 2 views

AMAX Winmail Server Code Execution Vulnerability

AMAX Winmail Server is a set of mail server software from AMAX Group. The software supports SMTP, POP3, WEBMAIL, anti-virus, SMTP authentication and remote control and other functions. A security vulnerability exists in AMAX Winmail Server version 6.1. A remote attacker can exploit the...

8.8 CVSS | 7.3 AI score | 0.0275 EPSS
Exploits 0 | References 1