HP Continuous Delivery Automation Arbitrary Command Execution Vulnerability
HP Continuous Delivery Automation is a suite of solutions for automating the deployment of multi-tier applications. A security vulnerability in HP Continuous Delivery Automation allows remote attackers to execute arbitrary commands using specially crafted serialized Java objects...
VulnCheck KEV: CVE-2011-1255
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted,...
The vulnerability of the IBM Tivoli Common Reporting system, a centralized data collection and analysis tool, allows an intruder to execute arbitrary commands.
The vulnerability of the InvokerTransformer class in the Apache Commons Collections library, used for centralized data collection and analysis in the IBM Tivoli Common Reporting system, is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to...
Vulnerability of Mac OS X and iOS operating systems, allowing attackers to read arbitrary files
The vulnerability of operating systems Mac OS X and iOS is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to remotely access and read arbitrary files using a specially crafted iBook file containing links to external XML...
Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2016-01083)
Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the kernel mode driver for Microsoft Windows, which arises from a program's failure to properly handle memory objects. A local attacker could exploit th...
openstack-swift: Proxy to server DoS through Large Objects
A memory-leak issue was found in OpenStack Object Storage swift, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...
openstack-swift: Client to proxy DoS through Large Objects
A memory-leak issue was found in OpenStack Object Storage swift, in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...
CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
McAfee ePolicy Orchestrator Java Object Deserialization RCE
The McAfee ePolicy Orchestrator (ePO) installed on the remote Windows host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this to...
Google Kubernetes API Server Security Bypass Vulnerability
Google Kubernetes is an open source Docker container cluster management system. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. Google Kubernetes' API server failed to properly check admission control for...
HPE Operations Manager Arbitrary Command Execution Vulnerability
HPE Operations Manager (OM) is a set of business-oriented, enterprise-class systems management software from Hewlett Packard Enterprise (HPE). The software provides system management, application management, event processing, business presentation and other functions. A security vulnerability exists ...
groovy: remote execution of untrusted code in class MethodClosure
A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges by using a special application known as “Microsoft Windows Kernel Object Use After Free...
The vulnerability of the Mac OS X operating system, which allows a hacker to increase their privileges
The vulnerability of the Mac OS X operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges through VM objects...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows operating system’s kernel is related to the handling of objects in memory. Exploiting this vulnerability can allow a local attacker to increase their privileges through a specially created application...
The vulnerability of the Apache TomEE application server allows a hacker to execute arbitrary commands.
The vulnerability of the EjbObjectInputStream class in the Apache TomEE application server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using serialized Java objects remotely...
Adobe Acrobat Pro DC OCG Memory Error References Remote Code Execution Vulnerability
Adobe Reader is a PDF document reading software. A security vulnerability exists in Adobe Reader's handling of constructed OCG objects, which allows remote attackers to exploit the vulnerability to construct malicious PDF files and trick users into parsing them, which can crash the application or...
DLA-388-1 dwarfutils - security update
Bulletin has no description...
KLA10739 Code execution vulnerability in Microsoft VBScript
Improper handling of memory objects was found in Microsoft VBScript. By exploiting this vulnerability, malicious users can execute arbitrary code. This vulnerability can be exploited remotely via specially designed web content. Technical details: To mitigate this vulnerability you can restrict acces...