7689 matches found
Progress Telerik JustAssembly and JustDecompile Code Execution Vulnerabilities
Progress Telerik JustAssembly and JustDecompile are both products of Progress Software, Inc. Progress Telerik JustAssembly is a code diff checking and decompilation tool.JustDecompile is an open source Decompile is an open source decompilation engine. A security vulnerability exists in Progress...
Microsoft Windows: Audit Authorization Policy Change
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winauthorizationpolicychange.nasl 11068 2018-08-21 11:51:41Z emoss $ Check value for Audit Authorization Policy Change Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
CVE-2018-11247
The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81...
CVE-2018-8405
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 1...
CVE-2018-8349
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...
CVE-2018-8341
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows...
EUVD-2018-20000
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...
CVE-2018-8406
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from...
Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4340557)
Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 KB 4340557 This article also applies to the following: Microsoft .NET Framework 3.5 Summary This security update resolves the following vulnerabilities: A "remote co...
Microsoft COM for Windows Remote Code Execution Vulnerability
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. COM is one of the COM program writing components. A remote code execution vulnerability exists in Microsoft COM for Windows, which stems from the program not properly handling serialize...
Microsoft .NET Framework Multiple Vulnerabilities (KB4344147)
This host is missing an important security update according to Microsoft KB4344147 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
DEBIAN-CVE-2018-14424
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code...
Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
DirectX Graphics Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to...
Microsoft COM for Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could...
Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on ...
CVE-2018-14878
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object such as a DLL or EXE file with a specific file, because of Deserialization of Untrusted Data...
Oracle WebLogic Server Deserialization RCE (CVE-2018-2893)
The remote Oracle WebLogic server is affected by a remote code execution vulnerability in the Core Components subcomponent due to unsafe deserialization of Java objects. An unauthenticated, remote attacker can exploit this, via a crafted Java object, to execute arbitrary Java code in the context ...
CVE-2018-14671
unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. Andrey Krasichkov and Evgeny Sidorov of Yandex Information Security Team...
CVE-2017-6920
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations...