Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...

The vulnerability of the Zabbix universal monitoring system arises from incorrect restrictions on XML links to external objects, allowing a perpetrator to execute arbitrary code or read arbitrary files.

The vulnerability of the Zabbix universal monitoring system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or read arbitrary files using a specially crafted XML request...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-06787)

Microsoft Windows Server 2008 SP2 and others are a series of operating systems from Microsoft Corporation.Windows kernel is one of the operating system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel, which arises from a program's failure to properly filter...

CVE-2018-2397

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console CMC does not sufficiently encode user controlled inputs which results in Cross-Site Scripting...

Cross site scripting

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console CMC does not sufficiently encode user controlled inputs which results in Cross-Site Scripting...

CVE-2018-2397

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console CMC does not sufficiently encode user controlled inputs which results in Cross-Site Scripting...

CVE-2018-2397

In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console CMC does not sufficiently encode user controlled inputs which results in Cross-Site Scripting...

CVE-2018-2397

In SAP Business Objects BI Platform, versions 4.00–4.30, the Central Management Console (CMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting. This is the concrete issue described across the CVE and connected records, with no explicit exploitation details or...

CVE-2018-0891

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due ...

CVE-2018-0891

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due ...

CVE-2018-0817

Technical details about CVE-2018-0817 are not publicly provided in the supplied documents. Monitor for updates from official advisories; no affected products, root cause, or remediation are specified here.

EUVD-2018-1717

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information...

Microsoft Access Remote Code Execution Vulnerability (KB4011234)

This host is missing an important security update according to Microsoft KB4011234 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

infinispan: Unsafe deserialization of malicious object injected into data cache

It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...

client: unchecked deserialization in marshaller util

The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity UMCI policy on the machine. To exploit the vulnerability, an attacke...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

Windows Kernel Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information t...

Microsoft Access Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...