CVE-2018-6496 MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF
Remote Cross-Site Request Forgery (CSRF) potential has been identified in UCMDB Browser versions 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF)...
RUSTSEC-2018-0021 Use-after-free with objects returned by `Stream`'s `get_format_info` and `get_context` methods
Affected versions contained a pair of use-after-free issues with the objects returned by the `get_format_info` and `get_context` methods of `Stream` objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference...
Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)
Summary: There is a potential denial of service with WebSphere Application Server with SOAP connectors. Important information was added to the Remediation/Fixes section on February 22, 2017. Vulnerability Details: Important information was added to the Remediation/Fixes section on February 22, 2017...
CVE-2018-8245
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher...
CVE-2018-8207
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows...
CVE-2018-8169
An elevation of privilege vulnerability exists when the Human Interface Device (HID) Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...
Denial of service
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10,...
Remote code execution
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher...
Remote code execution
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office...
The vulnerability of SAP Business Objects software for data collection and analysis lies in improper session management, allowing attackers to gain unauthorized access.
The vulnerability of SAP Business Objects software for data collection and analysis is related to improper session management. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access...
Media Foundation Memory Corruption Vulnerability
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...
Microsoft Publisher Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects. An attacker who successfully exploited the vulnerability could force arbitrary code to be executed in the Local Machine zone. To...
Microsoft Windows: System objects: Strengthen default permissions of internal system objects
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsodefaultperminternal.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for System objects: Strengthen default permissions of internal system objects Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks...
Microsoft Windows: System objects: Require case insensitivity for non-Windows subsystems
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winsocaseinsensitivesubsystems.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for System objects: Require case insensitivity for non-Windows subsystems Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks...
DEBIAN-CVE-2018-5099
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefo...
CVE-2017-7831
A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "__exposedProps__" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...
CVE-2017-7819
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
CVE-2017-5392
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This...