CVE-2017-15298
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...
CVE-2017-15013
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable...
CVE-2017-15013
CVE-2017-15013 affects OpenText Documentum Content Server (formerly EMC Documentum Content Server) up to version 7.3. The design flaw lets any authenticated user modify or delete dmr_content objects (notably those linked to sensitive items such as dm_method), enabling replacement of content and e...
CVE-2017-8693
The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability"...
CVE-2017-11816
The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the wa...
CVE-2017-11784
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kerne...
CVE-2017-11790
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how...
CVE-2017-11765
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly...
CVE-2017-11772
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle...
RubyGems Remote Code Execution Vulnerability
RubyGems is a package manager for Ruby that provides a standard format for distributing Ruby programs and libraries called "gems", and is designed to make it easy to manage gem installations and the servers used to distribute them. A remote code execution vulnerability exists in RubyGems, which c...
Remote code execution
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
CVE-2017-0903
RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution...
Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-30582)
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in the implementation of Microsoft Office when it does not properly handle memory objects, which could allow an attacker to run arbitrary code ...
Microsoft Windows Graphics Component Local Information Disclosure Vulnerability (CNVD-2017-30910)
Microsoft Windows is the popular computer operating system. An information disclosure vulnerability exists in the implementation of Windows Graphics when it does not properly handle memory objects, which can be successfully exploited to allow an attacker to obtain sensitive information...
Microsoft Office Outlook Security Bypass Vulnerability
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A security bypass vulnerability exists in the implementation of Microsoft Outlook when it does not properly handle in-memory objects, where an attacker could execute arbitrary commands via...
Microsoft Office Web Apps Server 2013 Service Pack 1 RCE Vulnerability (KB4011231)
This host is missing an important security update according to Microsoft KB4011231. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...