7696 matches found

Zero Day Initiative
added 2018/12/12 12:0 a.m. | 19 views

Adobe Acrobat Pro DC WebLink borderWidth Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS 7.8 | AI score 1.6 | EPSS 0.03058
Exploits: 0 | References: 1

OpenVAS
added 2018/12/12 12:0 a.m. | 36 views

Microsoft Outlook 2016 Remote Code Execution Vulnerability (KB4461544)

This host is missing an important security update according to Microsoft KB4461544.

CVSS 9.3 | AI score 7.6 | EPSS 0.43473
Exploits: 0 | References: 1

Microsoft CVE
added 2018/12/11 8:0 a.m. | 32 views

DirectX Information Disclosure Vulnerability

An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An authenticated attacker could exploit this vulnerability by running a...

CVSS 5.5 | AI score 1.6 | EPSS 0.00888
Exploits: 0

Microsoft CVE
added 2018/12/11 8:0 a.m. | 22 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

CVSS 9.3 | AI score 2.6 | EPSS 0.24675
Exploits: 0

Microsoft KB
added 2018/12/11 12:0 a.m. | 142 views

Description of the security update for the elevation of privilege vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: December 11, 2018

Description of the security update for the elevation of privilege vulnerabilities in Windows Embedded POSReady 2009 and Windows Embedded Standard 2009: December 11, 2018 Summary Windows elevation of privilege vulnerabilities exist in the following scenarios: When Windows incorrectly handles calls...

CVSS 8.4 | AI score 9.1 | EPSS 0.50438
Exploits: 0

OSV
added 2018/12/10 2:29 p.m. | 29 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

CVSS 9.8 | AI score 7.1 | EPSS 0.94485
Exploits: 5 | References: 5

Vulnrichment
added 2018/12/10 2:0 p.m. | 10 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

AI score 7.2 | EPSS 0.94485
Exploits: 5 | References: 4

ATTACKERKB
added 2018/12/10 12:0 a.m. | 62 views

CVE-2018-1000861

A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...

CVSS 10 | AI score 5.5 | EPSS 0.94485
In wild | Exploits: 5 | References: 6

BDU FSTEC
added 2018/12/07 12:0 a.m. | 2 views

The vulnerability of the DirectX component in the Windows operating system allows attackers to elevate their privileges and execute arbitrary code in kernel mode.

The vulnerability of the DirectX component of the Windows operating system exists due to improper handling of objects in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code in kernel mode through a specially created application...

CVSS 7 | AI score 8.2 | EPSS 0.00423
Exploits: 0 | References: 6

Veracode
added 2018/12/04 2:12 p.m. | 26 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the authenticated user...

CVSS 7.5 | AI score 7.9 | EPSS 0.36638
Exploits: 0 | References: 1 | Affected Software: 2

Veracode
added 2018/12/04 12:39 p.m. | 32 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, which allows a remote attacker to execute arbitrary code in the context of the user. This CVE ID is different from CVE-2018-0834, CVE-2018-0835, CVE-2018-0837,...

CVSS 7.5 | AI score 7.5 | EPSS 0.7974
Exploits: 21 | References: 6 | Affected Software: 2

Veracode
added 2018/11/28 2:22 a.m. | 20 views

Information Disclosure

activejob is vulnerable to information disclosure. A lack of validation in the deserializeargument function in arguments.rb allows remote attackers access to information that is otherwise not accessible when deserializing GlobalID objects that were not generated by Active Jobs...

CVSS 7.5 | AI score 7.1 | EPSS 0.00791
Exploits: 1 | References: 5 | Affected Software: 5

Ubuntu
added 2018/11/27 6:59 p.m. | 111 views

USN-3829-1: Git vulnerabilities

It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-15298 It was discovered that Git incorrectly handled certain inputs. An attacker...

CVSS 9.8 | AI score 7.4 | EPSS 0.00528
Exploits: 1

Zero Day Initiative
added 2018/11/26 12:0 a.m. | 21 views

(0Day) INVT Electric VT-Designer PM3 File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 | AI score 4.6 | EPSS 0.01025
Exploits: 0

RedHat Linux
added 2018/11/21 11:56 a.m. | 1 views

atomic-openshift: oc patch with json causes masterapi service crash

An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management...

CVSS 7.7 | AI score 7.2 | EPSS 0.0051
Exploits: 0 | References: 4

Packet Storm
added 2018/11/20 12:0 a.m. | 335 views

Richfaces 3.x Remote Code Execution

Original report+advisories: TITLE: Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME: RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to Expression Language EL Injection via UserResource resource,...

AI score 9.5 | EPSS 0.89462
Exploits: 6

Exploit DB
added 2018/11/20 12:0 a.m. | 61 views

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation

Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal unmarshaler. I’m reporting multiple, non-exhaustive, issues...

CVSS 7.8 | AI score 7.6 | EPSS 0.09636
Exploits: 4

exploitpack
added 2018/11/20 12:0 a.m. | 53 views

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for th...

CVSS 4.6 | AI score 0.7 | EPSS 0.09636
Exploits: 4

0day.today
added 2018/11/20 12:0 a.m. | 61 views

Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Exploit

Exploit for windows platform in category local exploits Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal...

AI score 8.6 | EPSS 0.09636
Exploits: 4

Veracode
added 2018/11/19 7:52 a.m. | 28 views

Authentication Bypass

openssl is vulnerable to an authentication bypass. The library does not properly compare OpenSSL::X509::Name objects, leading to non-equal objects to be returned as equal. This can allow a malicious user to pass a spoofed certificate to the system during the authentication process...

CVSS 9.8 | AI score 9.2 | EPSS 0.0421
Exploits: 0 | References: 20 | Affected Software: 8