No Fix Planned For LabVIEW Bug, Says National Instruments
Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...
SUSE-SU-2017:2320-1 Security update for git
This update for git fixes the following issues: - CVE-2017-1000117: A client-side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481)...
Dokodemo eye Smart HD SCR02HD Arbitrary PHP Code Execution Vulnerability
Dokodemo eye Smart HD SCR02HD is a wireless monitor from NIPPON ANTENNA. The Dokodemo eye Smart HD SCR02HD suffers from an arbitrary PHP code execution vulnerability that can be exploited by an attacker to execute arbitrary PHP code on the product...
Adobe Acrobat/Reader Remote Code Execution Vulnerability (CNVD-2017-28433)
Adobe Reader is PDF document reading software. Acrobat is PDF document editing software. Adobe Acrobat Reader has a remote code execution vulnerability in the JavaScript engine when creating larger strings, which can be exploited by attackers to execute arbitrary code...
Fedora 26 : subversion (2017-951b6a78d4)
This update includes the latest stable release of Apache Subversion, version 1.9.7. Client-side bugfixes : - Fix arbitrary code execution vulnerability CVE-2017-9800 See for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
SUSE-SU-2017:2163-1 Security update for subversion
This update for subversion fixes the following issues: - CVE-2016-8734: Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using https:// (bsc#1011552). - CVE-2017-9800: client code execution via argument injection in SSH URL (bnc#1051362)...
Hewlett Packard Enterprise Intelligent Management Center iccSelectDymicParam Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SUSE SLED12 Security Update : puppet (SUSE-SU-2017:2113-1)
This update for puppet fixes the following issues: Security issue fixed: - CVE-2017-2295: Possible code execution vulnerability where an attacker could force YAML deserialization in an unsafe manner. By default, this update breaks backwards compatibility with Puppet agents older than 3.2.2 as...
Remote code execution
Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET...
KB4034662: Security update for Adobe Flash Player (August 2017)
The remote Windows host is missing security update KB4034662. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to an unspecified flaw. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website...
CVE-2017-12581
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do...
MGASA-2017-0243 Updated freerdp packages fix security vulnerabilities
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle...
RVM Code Execution Vulnerability
RVM is a Ruby version management command line tool that supports the installation and management of multiple Ruby environments including compilers. A code execution vulnerability exists in RVM 1.28.0 and earlier versions. An attacker can exploit the vulnerability to execute code...
About the security content of watchOS 3.2.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
ManageEngine Desktop Central < 10.0.092 RCE Vulnerability
ManageEngine Desktop Central allows remote attackers to execute arbitrary code via vectors involving the upload of help desk videos.
Juniper Junos Code Execution Vulnerability (CNVD-2017-21778)
Juniper Junos is a network operating system dedicated to the company's hardware systems. A code execution vulnerability exists in the Juniper Junos SNMP service that can be exploited by a remote attacker to submit a special request and execute arbitrary code...
Security Update for Microsoft Excel 2016 (KB3203477) 32-Bit Edition
A security vulnerability exists in Microsoft Excel 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Debian DLA-1014-1 : libclamunrar security update
It was discovered that there was an arbitrary code execution vulnerability in libclamunrar, a library to add unrar support to the Clam anti-virus software. This was caused by an integer overflow resulting in a negative value of the DestPos variable, which allows the attacker to write out of bounds...
Design/Logic Flaw
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Read Access Violation on Control Flow starting at COMCTL32!CToolTipsMgr::sToolTipsWndProc+0x0000000000000032."...
AMAX Winmail Server Code Execution Vulnerability
AMAX Winmail Server is a set of mail server software from AMAX Group. The software supports SMTP, POP3, WEBMAIL, anti-virus, SMTP authentication and remote control and other functions. A security vulnerability exists in AMAX Winmail Server version 6.1. A remote attacker can exploit the...