CVE-2018-8161

CVE-2018-8161 is described across sources as a remote code execution flaw in Microsoft Office products (Word, Office, SharePoint) caused by improper handling of in-memory objects. Connected CNVD records corroborate a memory-handling vulnerability that allows an attacker to execute arbitrary code ...

CVE-2018-0824

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-10981)

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. Microsoft Windows suffers from an information disclosure vulnerability. The vulnerability arises because the Windows kernel fails to properly handle objects in memory...

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-10985)

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. Microsoft Windows suffers from an information disclosure vulnerability. The vulnerability arises because the Windows kernel fails to properly handle objects in memory...

Microsoft Windows Image Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. An elevation of privilege vulnerability exists in the way the Microsoft Windows kernel image handles objects in memory. An attacker could exploit this vulnerability to...

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

Scripting Engine Information Disclosure Vulnerability

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the objec...

DirectX Graphics Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel DXGKRNL driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to...

.NET Framework Device Guard Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity UMCI policy on the machine. To exploit the vulnerability, an attacker would...

Microsoft Exchange Memory Corruption Vulnerability

An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the remote system. To exploit the vulnerability, an attacker would send a...

Microsoft COM for Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could...

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack...

Foxit Reader U3D 3DView Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D...

CVE-2018-5516

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell tmsh access can access objects on the file syste...

Multiple F5 Products TMOS Shell Information Disclosure Vulnerability

F5 BIG-IP LTM and others are products of F5 Corporation, USA.F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager.TMOS Shell tmsh is one of the command line tools. A security vulnerability exists in the TMOS Shell in several F5 products. An attacker could...

Microsoft Windows 10: Create permanent shared objects

This user right determines which accounts can be used by processes to create a directory object by using the object manager. Directory objects include Active Directory objects, files and folders, printers, registry keys, processes, and threads. Users who have this capability can create permanent...

Microsoft Windows 10: Create global objects

This policy setting determines which users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. A global object is an object that is created to be used by any number of processes or...

Microsoft Windows 10: Take ownership of files or other objects

This policy setting determines which users can take ownership of any securable object in the device, including Active Directory objects, NTFS files and folders, printers, registry keys, services, processes, and threads. Every object has an owner, whether the object resides in an NTFS volume or...

Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability

Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

FreeBSD : chromium -- vulnerability (36ff7a74-47b1-11e8-a7d6-54e1ad544088)

Google Chrome Releases reports : 62 security fixes in this release : - 826626 Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 - 827492 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 - 813876 High...