SAP Business Objects Financial Consolidation Cross-Site Scripting Vulnerability (CNVD-2018-17911)

SAP Business Objects is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The program provides reporting, performance management, and data base functions. financial Consolidation is one of the tools used to connect financial systems. A cross-site...

SAP BusinessObjects Business Intelligence Cross-Site Request Forgery Vulnerability

SAP BusinessObjects Business Intelligence is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site request forgery vulnerability exists in SAP BusinessObjects...

Design/Logic Flaw

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVE-2018-14059

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...

CVE-2018-14059

CVE-2018-14059 corresponds to a Pimcore XSS vulnerability exposed in Pimcore 5.2.3 and earlier and affects multiple entry points: Users, Assets, Data Objects, Video/Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Meta...

Google Chrome < 61.0.3163.79 Multiple Vulnerabilities

Binary data 700345.pasl...

Progress Telerik JustAssembly and JustDecompile Code Execution Vulnerabilities

Progress Telerik JustAssembly and JustDecompile are both products of Progress Software, Inc. Progress Telerik JustAssembly is a code diff checking and decompilation tool.JustDecompile is an open source Decompile is an open source decompilation engine. A security vulnerability exists in Progress...

Microsoft Windows: Audit Authorization Policy Change

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winauthorizationpolicychange.nasl 11068 2018-08-21 11:51:41Z emoss $ Check value for Audit Authorization Policy Change Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...

CVE-2018-11247

The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81...

CVE-2018-8405

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 1...

CVE-2018-8349

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

CVE-2018-8341

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows...

EUVD-2018-20000

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

CVE-2018-8406

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from...

Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4340557)

Security and Quality Rollup updates for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 KB 4340557 This article also applies to the following: Microsoft .NET Framework 3.5 Summary This security update resolves the following vulnerabilities: A "remote co...

Microsoft COM for Windows Remote Code Execution Vulnerability

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. COM is one of the COM program writing components. A remote code execution vulnerability exists in Microsoft COM for Windows, which stems from the program not properly handling serialize...

Microsoft .NET Framework Multiple Vulnerabilities (KB4344147)

This host is missing an important security update according to Microsoft KB4344147 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

DEBIAN-CVE-2018-14424

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code...

Microsoft Edge Memory Corruption Vulnerability

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...