Windows Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker who has a domain user accou...

Windows Session Object Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user. To exploit the vulnerability, the attacker could run a specially crafted...

Windows Secure Kernel Mode Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit this vulnerability, an...

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an...

Microsoft Windows Session Object Elevation of Privilege (MS16-111: CVE-2016-3305)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user's session...

MS16-109: Security Update for Silverlight (3182373)

The version of Microsoft Silverlight installed on the remote Windows host is affected by a remote code execution vulnerability due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a website containing a specially crafte...

Microsoft Office Memory Corruption (MS16-107: CVE-2016-3363)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

CVE-2016-7124

ext/standard/varunserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a 1 destruct call or 2 magic method call...

Apache OpenOffice -- multiple vulnerabilities

The Apache Openofffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacke...

[SECURITY] Fedora 23 Update: rubygem-activerecord-4.2.3-3.fc23

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

[SECURITY] Fedora 24 Update: rubygem-activerecord-4.2.5.2-2.fc24

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

[SECURITY] Fedora 25 Update: rubygem-activerecord-5.0.0.1-1.fc25

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

Mozilla Firefox ESR < 45.3 Multiple Vulnerabilities

Binary data 9485.prm...

Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of WebRTC sockets in Firefox and Firefox ESR browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using incorrect free operations on DTLS objects during the termination of a WebRTC session...

[SECURITY] Fedora 24 Update: python3-3.5.1-13.fc24

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

Microsoft Win32k Elevation of Privilege Vulnerability (CNVD-2016-06265)

Microsoft Windows is the popular computer operating system. Some versions of the Windows kernel-mode driver do not properly handle memory objects and an elevation of privilege vulnerability exists, which can be exploited by a local user with a constructed application...

Microsoft Kernel-Mode Drivers Multiple Privilege Elevation Vulnerabilities (3178466)

This host is missing an important security update according to Microsoft Bulletin MS16-098. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft OneNote Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could create a specially craft...

Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3322)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the mishandling of cached objects in complex webpages. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could allow attackers to execute...

Microsoft Internet Explorer Information Disclosure (MS16-095: CVE-2016-3327)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer and Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted web page...