STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30276)

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability with a specially crafted .xps file to execute arbitra...

STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30283)

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability with a specially crafted .xps file to execute arbitra...

STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30285)

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability with a specially crafted .xps file to execute arbitra...

CVE-2016-5759

CVE-2016-5759 affects the mkdumprd script used by kdump environments. The vulnerability arises because mkdumprd can invoke dracut from the current directory (./dracut), enabling a local attacker to trick the administrator into executing code with root privileges. Public sources (NVD, SUSE and Red...

CVE-2017-11158

Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in th...

The Sleuth Kit Buffer Overflow Vulnerability

The Sleuth Kit TSK is a collection of data forensic tools developed by software developer Brian Carrier. The tools are able to analyze file systems such as FAT, NTFS, UFS, etc. and provide detailed information about the file system, including deleted data. A buffer overflow vulnerability exists i...

CVE-2017-10950

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2017-10950

CVE-2017-10950 affects Bitdefender Total Security (bdfwfpf kernel driver). The vulnerability lies in the handling of IOCTL 0x8000E038 where the driver fails to validate the existence of an object before operating on it, enabling a local attacker to execute arbitrary code in the SYSTEM context. Ex...

CVE-2017-11159

Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in the...

CVE-2017-11160

Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in the current worki...

CVE-2015-3649

The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created...

SIMPlight SCADA Software DLL Load Local Code Execution Vulnerability

SIMPlight SCADA is software for building management systems and automation equipment. SIMPlight SCADA Software suffers from a DLL Load Native Code Execution vulnerability that could be exploited by an attacker to submit a special file to trick a user into requesting and elevating privileges...

Solar Controls WATTConfig M Software DLL Load Local Code Execution Vulnerability

Solar Controls WATTConfig M Software is a suite of software for use in Solar Controls devices from Solar Controls, Czech Republic. A security vulnerability exists in Solar Controls WATTConfig M Software version 2.5.10.1 and earlier. The vulnerability can be exploited by an attacker to execute...

Denial of service

HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts...

DEBIAN-CVE-2017-7980

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator Qemu 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service crash via vectors related to a VNC client updating its display after a VGA operation...

CVE-2017-2344

A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service kernel panic or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running...

Juniper Networks Junos OS Sockets Library Buffer Overflow Vulnerability

Junos OS is prone to a buffer overflow vulnerability in the sockets library. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2017-1297

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 includes DB2 Connect Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159...

CVE-2017-8464

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK fil...

Lenovo Service Bridge Local Code Execution Vulnerability

Lenovo Service Bridge is a Windows program from the Chinese company Lenovo Lenovo that automatically detects the serial number and model number of your device. A local code execution vulnerability exists in versions prior to Lenovo Service Bridge 4. An attacker could exploit this vulnerability to...