7680 matches found

CNVD
added 2016/05/11 12:0 a.m. | 1 views

Microsoft Chakra JavaScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03020)

Microsoft Edge is a web browser developed by Microsoft and is the default browser that comes with the Windows 10 operating system. The Chakra JScript engine is a JavaScript engine component used by the IE and Edge web browsers. A memory corruption vulnerability exists in the way the Microsoft Chakra...

CVSS 7.6 | AI score 7.2 | EPSS 0.18329
Exploits: 0 | References: 1

CNVD
added 2016/05/11 12:0 a.m. | 2 views

Microsoft Windows win32k elevation of privilege vulnerability (CNVD-2016-03100)

Microsoft Windows is a series of operating systems released by Microsoft (USA). win32k.sys is the kernel part of the Windows subsystem, a kernel-mode device driver, which contains a window manager, background control windows and screen output management. An elevation of privilege vulnerability exis...

CVSS 7.8 | AI score 7.2 | EPSS 0.02289
Exploits: 1 | References: 1

Microsoft CVE
added 2016/05/10 7:0 a.m. | 32 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

CVSS 7.8 | AI score 3.5 | EPSS 0.02077
Exploits: 2

Microsoft CVE
added 2016/05/10 7:0 a.m. | 28 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

CVSS 7.8 | AI score 3.5 | EPSS 0.01522
Exploits: 1

Microsoft CVE
added 2016/05/10 7:0 a.m. | 27 views

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

CVSS 7.8 | AI score 3.5 | EPSS 0.01607
Exploits: 4

Kaspersky
added 2016/05/10 12:0 a.m. | 389 views

KLA10806 Multiple vulnerabilities in Microsoft Internet Explorer and Edge

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper memory...

CVSS 9.3 | AI score 8.4 | EPSS 0.90799
Exploits: 10 | References: 15

Zero Day Initiative
added 2016/05/10 12:0 a.m. | 41 views

Adobe Acrobat Pro DC WillSave OCG Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS 6.8 | AI score 3.1 | EPSS 0.02457
Exploits: 1 | References: 1

CNVD
added 2016/05/10 12:0 a.m. | 1 views

Xerces DTDScanner Memory Misreference Vulnerability

Xerces is an open source XML document parsing project of the Apache Software Foundation (United States) and an open source XML syntax parser; it is currently available in a variety of languages, including Java, C++, Perl, COM and so on. A memory misreference vulnerability exists in...

CVSS 10 | AI score 9.6 | EPSS 0.02173
Exploits: 0 | References: 1

Kaspersky
added 2016/05/10 12:0 a.m. | 100 views

KLA10804 Code execution vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. An improper memory objects handling can be exploited remotely via a specially designed content; 2. An...

CVSS 9.3 | AI score 8.7 | EPSS 0.40367
Exploits: 1 | References: 28

CNVD
added 2016/05/09 12:0 a.m. | 1 views

HPE Network Node Manager Arbitrary Command Execution Vulnerability

HP Network Node Manager i-series (NNMi) software delivers powerful out-of-the-box features to help your network operations team efficiently manage networks of any size. An arbitrary command execution vulnerability exists in HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00,...

CVSS 8.8 | AI score 7.7 | EPSS 0.01078
Exploits: 0 | References: 1

OSV
added 2016/05/07 10:59 a.m. | 1 views

CVE-2016-2009

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 1

myhack58
added 2016/05/04 12:0 a.m. | 30 views

New vulnerabilities revealed in Samsung's SmartThings platform can trigger the fire alarm

Researchers found multiple vulnerabilities in Samsung's SmartThings platform that open the door for an attacker to break into a victim's home. A security research team found multiple security vulnerabilities in the Samsung SmartThings platform for the network attacker ...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2016/05/03 12:0 a.m. | 43 views

Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by...

CVSS 10 | AI score 8.2 | EPSS 0.71461
Exploits: 8 | References: 3

UbuntuCve
added 2016/04/27 12:0 a.m. | 40 views

CVE-2016-3156

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses...

CVSS 5.5 | AI score 6.8 | EPSS 0.00028
Exploits: 0 | References: 15

Fedora
added 2016/04/26 8:58 p.m. | 29 views

[SECURITY] Fedora 23 Update: xstream-1.4.9-1.fc23

XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...

CVSS 7.5 | AI score 0.4 | EPSS 0.04224
Exploits: 0

CNVD
added 2016/04/21 12:0 a.m. | 2 views

HPE P9000 CVAE Arbitrary Command Execution Vulnerability

HP XP P9000 Command View Advanced Edition is a multifunctional device manager for HP XP P9500, XP Disk Array products. A security vulnerability exists in HPE P9000 Command View Advanced Edition Software (CVAE) and XP7 CVAE, which allows remote attackers to execute arbitrary commands via constructed...

CVSS 9.8 | AI score 7.8 | EPSS 0.01054
Exploits: 0 | References: 1

BDU FSTEC
added 2016/04/19 12:0 a.m. | 2 views

The vulnerabilities of the automation and accounting software for Asset Manager and Asset Manager CloudSystem Chargeback allow attackers to execute arbitrary commands.

The vulnerability of the Asset Manager and Asset Manager CloudSystem Chargeback software lies in improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely, using a specially crafted serialized Java object related to the Apache Commons...

CVSS 7.5 | EPSS 0.01054
Exploits: 0 | References: 2 | Affected Software: 2

Microsoft CVE
added 2016/04/12 7:0 a.m. | 33 views

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

CVSS 9.3 | AI score 2.6 | EPSS 0.40637
Exploits: 0

Microsoft CVE
added 2016/04/12 7:0 a.m. | 28 views

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

CVSS 9.3 | AI score 2.6 | EPSS 0.39916
Exploits: 3

CNVD
added 2016/04/12 12:0 a.m. | 3 views

Apache OFBiz Security Bypass Vulnerability

Apache OFBiz (also known as the Apache Open For Business Project) is an enterprise resource planning (ERP) system from the Apache Software Foundation (United States). The system provides a set of Java-based Web application components and tools. A security bypass vulnerability exists in Apache...

CVSS 9.8 | AI score 7.3 | EPSS 0.13567
Exploits: 0 | References: 1