Ruby 'Fiddle::Function.new' function heap buffer overflow vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A heap buffer overflow vulnerability exists in the 'Fiddle::Function.new' function in Ruby versions 2.3.0 dev and 2.2.2. The vulnerability can be exploite...
The vulnerability in the browser kernel V8, which allows a hacker to trigger a service failure or cause other effects
The vulnerability of the objects.cc component in the V8 browser kernel arises due to incorrect restrictions on optimization. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures or other effects by using specially crafted JavaScript code...
Microsoft Office Remote Code Execution Vulnerability (3163610) - Mac OS X
This host is missing a critical security update according to Microsoft Bulletin MS16-070. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Microsoft Edge Multiple Vulnerabilities (3163656)
This host is missing a critical security update according to Microsoft Bulletin MS16-068...
Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...
HPE Discovery and Dependency Mapping Inventory Arbitrary Command Execution Vulnerability
HPE Discovery and Dependency Mapping Inventory (DDMi) is a Hewlett Packard Enterprise (HPE) solution for automating the discovery and logging of client device information to help IT departments manage and control costs and risks. Apache Commons Collections (ACC) is a U.S. Apache Apache Software...
HPE Universal CMDB Arbitrary Code Execution Vulnerability
HPE Universal CMDB is the Universal Management Configuration Database (UCMDB) of Hewlett Packard Enterprise (HPE), USA. An arbitrary code execution vulnerability exists in HPE Universal CMDB versions 10.0 through 10.21, Universal CMDB Configuration Manager versions 10.0 through 10.21, Universal...
USN-2997-1: Linux kernel (OMAP4) vulnerabilities
Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with...
The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure
The vulnerability of the function in the Zend/zend_exceptions.c interpreter of PHP exists due to the lack of checks for certain Exception objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure such as reassigning a null pointer or...
CVE-2016-4369
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
Adobe Acrobat Reader Use-After-Free (APSB16-14: CVE-2016-1061)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Red Hat JBoss Operations Network Java Object Deserialization RCE
The remote Red Hat JBoss Operations Network server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Jython library. An unauthenticated, remote attacker can exploit this, by sending specially crafted Java objects to the HTT...
UBUNTU-CVE-2016-1678
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JavaScript code...
PowerFolder Server 10.4.321 - Remote Code Execution
Mogwai Security Advisory MSA-2016-01. Title: PowerFolder Remote Code Execution Vulnerability. Product: PowerFolder Server. Affected versions: 10.4.321 (Linux/Windows); other versions might also be affected. Impact: high. Remote: yes...
Apache TomEE 1.x < 1.7.4 / 7.x < 7.0.0-M3 Multiple RCE
HPE Release Control Apache Commons Collections Arbitrary Code Execution Vulnerability
HPE Release Control is a set of decision support solutions. Apache Commons Collections is a component in Commons Proper of the Apache Commons project that extends or adds to the Java collections framework. An unspecified security vulnerability in ACC for HPE Release Control allows remote attackers...
(Pwn2Own) Apple Safari ArrayStorage DFG Optimization Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Adobe ColdFusion Arbitrary Command Execution Vulnerability
Adobe ColdFusion is a dynamic web server product from Adobe (USA); the CFML (ColdFusion Markup Language) it runs is a programming language for web applications. A command execution vulnerability exists in Adobe ColdFusion. A remote attacker can exploit this vulnerabili...
Adobe ColdFusion Multiple Vulnerabilities (APSB16-16) (credentialed check)
The version of Adobe ColdFusion running on the remote Windows host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this to execute...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information
The vulnerability of the Android operating system’s media server is related to the improper initialization of certain data structures. Exploiting this vulnerability allows a malicious actor to obtain confidential information through a specially created application, which is associated with the...