Lucene search
7668 matches found

RedHat Linux
added 2016/01/25 10:10 p.m. | 6 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS 9.8 | AI score 7.6 | EPSS 0.64446
Exploits: 4 | References: 5
BDU FSTEC
added 2016/01/20 12:0 a.m. | 0 views

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges by using a special application known as “Microsoft Windows Kernel Object Use After Free...

CVSS 7.2 | EPSS 0.13806
Exploits: 0 | References: 2
BDU FSTEC
added 2016/01/19 12:0 a.m. | 0 views

The vulnerability of the Mac OS X operating system, which allows a hacker to increase their privileges

The vulnerability of the Mac OS X operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges through VM objects...

CVSS 7.2 | EPSS 0.00293
Exploits: 1 | References: 3 | Affected Software: 1
BDU FSTEC
added 2016/01/19 12:0 a.m. | 0 views

The vulnerability of the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Windows operating system’s kernel is related to the handling of objects in memory. Exploiting this vulnerability can allow a local attacker to increase their privileges through a specially created application...

CVSS 7.2 | EPSS 0.04813
Exploits: 0 | References: 2
BDU FSTEC
added 2016/01/18 12:0 a.m. | 0 views

The vulnerability of the Apache TomEE application server allows a hacker to execute arbitrary commands.

The vulnerability of the EjbObjectInputStream class in the Apache TomEE application server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using serialized Java objects remotely...

CVSS 7.5
Exploits: 0 | References: 3
CNVD
added 2016/01/16 12:0 a.m. | 1 views

Adobe Acrobat Pro DC OCG Memory Error References Remote Code Execution Vulnerability

Adobe Reader is a PDF document reading software. A security vulnerability exists in Adobe Reader's handling of constructed OCG objects, which allows remote attackers to exploit the vulnerability to construct malicious PDF files and trick users into parsing them, which can crash the application or...

CVSS 9.3 | AI score 9.6 | EPSS 0.04926
Exploits: 0 | References: 1
OSV
added 2016/01/15 12:0 a.m. | 20 views

DLA-388-1 dwarfutils - security update

Bulletin has no description...

CVSS 6.5 | AI score 6 | EPSS 0.00322
Exploits: 0
Kaspersky
added 2016/01/12 12:0 a.m. | 51 views

KLA10739 Code execution vulnerability in Microsoft VBScript

Improper memory objects handling was found in Microsoft VBScript. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed web content. Technical details To mitigate this vulnerability you can restrict acces...

CVSS 7.6 | AI score 8.1 | EPSS 0.47218
Exploits: 0 | References: 9
CNVD
added 2016/01/12 12:0 a.m. | 2 views

Intel McAfee ePolicy Orchestrator Arbitrary Code Execution Vulnerability

Intel McAfee ePolicy Orchestrator (ePO) is a suite of scalable security management software from Intel Corporation (formerly McAfee, Inc.). The software enables centralized, streamlined management of endpoint, network, content security and compliance solutions. A security vulnerability exists in Inte...

CVSS 8.3 | AI score 7.8 | EPSS 0.02301
Exploits: 0 | References: 1
Tenable Nessus
added 2016/01/11 12:0 a.m. | 287 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3503)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3503 advisory. - ipc/sem.c: fully initialize semarray before making it visible Manfred Spraul Orabug: 22250043 CVE-2015-7613 - Initialize msg/shm IPC objects befo...

CVSS 10 | AI score 6.7 | EPSS 0.00327
Exploits: 2 | References: 6
Cvelist
added 2016/01/08 2:0 a.m. | 17 views

CVE-2015-8261

The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request...

AI score 9.6 | EPSS 0.04357
Exploits: 4 | References: 3
ArchLinux
added 2016/01/02 12:0 a.m. | 25 views

rtmpdump: multiple issues

Several issues have been found in the part of rtmpdump handling RTMP streams by LMX of Qihoo 360 Codesafe Team. These issues include memory leak, integer overflow, type confusion when dealing with AMF strings and objects, and several other parsing issues...

AI score 7.2
Exploits: 0 | References: 2
CNVD
added 2015/12/25 12:0 a.m. | 3 views

VMware vRealize Orchestrator Arbitrary Command Execution Vulnerability

VMware vRealize Orchestrator is a suite of IT process automation engines for integrating with VMware vCloud Suite components to align and extend service delivery and operations management. VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations...

CVSS 7.5 | AI score 7.9 | EPSS 0.01776
Exploits: 1 | References: 1
Tenable Nessus
added 2015/12/18 12:0 a.m. | 96 views

Symantec Endpoint Protection Manager Java Object Deserialization RCE (SYM15-011)

The remote Symantec Endpoint Protection Manager server is affected by a remote command execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a crafted...

CVSS 7.5 | AI score 6.1 | EPSS 0.01703
Exploits: 0 | References: 3
Zero Day Initiative
added 2015/12/18 12:0 a.m. | 36 views

Mozilla Firefox HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 | AI score 9.3 | EPSS 0.04937
Exploits: 0 | References: 1
NVD
added 2015/12/16 11:59 a.m. | 18 views

CVE-2015-7204

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...

CVSS 6.8 | AI score 6.2 | EPSS 0.0172
Exploits: 0 | References: 11
OSV
added 2015/12/15 12:0 a.m. | 0 views

UBUNTU-CVE-2015-7204

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...

CVSS 6.8 | AI score 7.3 | EPSS 0.0172
Exploits: 0 | References: 4
Kaspersky
added 2015/12/15 12:0 a.m. | 86 views

KLA10723 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR

Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list ...

CVSS 10 | AI score 10 | EPSS 0.15477
Exploits: 1 | References: 4
Amazon
added 2015/12/14 12:0 a.m. | 40 views

Medium: krb5

Issue Overview: A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line...

CVSS 5.8 | AI score 7.2 | EPSS 0.08201
Exploits: 0
BDU FSTEC
added 2015/12/14 12:0 a.m. | 1 views

The vulnerability of Oracle WebLogic Server application servers allows attackers to execute arbitrary code.

The vulnerability of the WLS Security server component of Oracle WebLogic Server is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted Java objects transmitted over the TCP protocol,...

CVSS 7.5 | EPSS 0.92947
Exploits: 16 | References: 12 | Affected Software: 7