
7677 matches found

Zero Day Initiative
added 2015/12/08 12:00 a.m. | 31 views

Microsoft Windows JScript External Object Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code in applications using the JScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability in that th...

CVSS 6.8 | AI score 6.2 | EPSS 0.16463
Exploits: 1 | References: 1

RedHat Linux
added 2015/12/07 8:46 p.m. | 4 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS 9.8 | AI score 7.6 | EPSS 0.64446
Exploits: 4 | References: 5

Tenable Nessus
added 2015/11/30 12:00 a.m. | 52 views

Oracle Linux 7 : kernel (ELSA-2015-2152)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2152 advisory. - kernel Initialize msg/shm IPC objects before doing ipc_addid Lennert Buytenhek 1271507 CVE-2015-7613 - fs vfs: Test for and handle paths that are...

CVSS 6.9 | AI score 6.6 | EPSS 0.00747
Exploits: 4 | References: 16

OSV
added 2015/11/26 12:00 a.m. | 11 views

DLA-352-1 libcommons-collections3-java - security update

Bulletin has no description...

AI score 7.2
Exploits: 0

canvas
added 2015/11/25 8:59 p.m. | 536 views

Immunity Canvas: JENKINS_CLI_DESERIALIZATION

| Name | jenkinsclideserialization |
|---|---|
| CVE | CVE-2015-8103 |
| Exploit Pack | CANVAS |
| Description | jenkinsclideserialization |
| Notes | CVE Name: CVE-2015-8103 VENDOR: Jenkins NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK... |

CVSS 7.5 | AI score 8.7 | EPSS 0.86333
Exploits: 12

RedHat Linux
added 2015/11/19 6:24 a.m. | 3 views

kernel: Unauthorized access to IPC objects with SysV shm

A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to...

CVSS 6.9 | AI score 6.7 | EPSS 0.00082
Exploits: 1 | References: 4

RedHat Linux
added 2015/11/19 4:00 a.m. | 20 views

Low: Red Hat Security Advisory: rest security update

Updated rest packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CV...

CVSS 7.5 | AI score 7 | EPSS 0.03052
Exploits: 0 | References: 3

CNVD
added 2015/11/19 12:00 a.m. | 3 views

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server is an Oracle application server for cloud and legacy environments that provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application deployment and management. WLS...

CVSS 9.8 | AI score 9.4 | EPSS 0.92947
Exploits: 16 | References: 1

CNVD
added 2015/11/12 12:00 a.m. | 2 views

Microsoft Office Memory Corruption Vulnerability (CNVD-2015-07511)

Microsoft Office is an office software suite developed by the U.S. company Microsoft. Commonly used components are Word, Excel, Access, PowerPoint, FrontPage and so on. A remote code execution vulnerability exists in Microsoft Office. As the program fails to properly handle...

CVSS 9.3 | AI score 8.1 | EPSS 0.40892
Exploits: 0 | References: 1

OpenVAS
added 2015/11/11 12:00 a.m. | 44 views

Microsoft Windows Remote Code Execution Vulnerabilities (3105864)

This host is missing a critical security update according to Microsoft Bulletin MS15-115. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 7.3 | EPSS 0.54538
Exploits: 4 | References: 3

Zero Day Initiative
added 2015/11/10 12:00 a.m. | 28 views

Adobe Flash AS2 Sound loadSound Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Soun...

CVSS 6.8 | AI score 6.4 | EPSS 0.0438
Exploits: 4 | References: 1

BDU FSTEC
added 2015/10/29 12:00 a.m. | 1 view

The vulnerabilities of SAP Business Objects, SAP Business Objects XI, and SAP Business Objects Edge systems allow attackers to trigger service failures.

The vulnerability of SAP Business Objects, SAP Business Objects XI, and SAP Business Objects Edge systems is caused by a buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using a specially crafted GIOP packet...

CVSS 10 | EPSS 0.01876
Exploits: 0 | References: 5 | Affected Software: 2

CNVD
added 2015/10/22 12:00 a.m. | 1 view

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2015-06837)

Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. An unspecified vulnerability exists in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4. It allows an authenticated remote user to affect confidentiality via vectors related to Business Objects - BC4J...

CVSS 2.1 | AI score 6.6 | EPSS 0.00169
Exploits: 0 | References: 1

NVD
added 2015/10/21 11:59 p.m. | 17 views

CVE-2015-4865

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J...

CVSS 2.1 | AI score 5.1 | EPSS 0.00169
Exploits: 0 | References: 2

Prion
added 2015/10/21 11:59 p.m. | 26 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J...

CVSS 2.1 | AI score 5.5 | EPSS 0.00169
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2015/10/19 10:59 a.m. | 1 view

DEBIAN-CVE-2015-7613

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c...

CVSS 6.9 | AI score 6.1 | EPSS 0.00082
Exploits: 1 | References: 1

CNVD
added 2015/10/18 12:00 a.m. | 1 view

Denial of Service Vulnerability in Multiple SAP Products

SAP Business Objects BI Platform is a suite of business intelligence (BI) solution platforms. SAP BusinessObjects and BusinessObjects XI (BOXI) are both business intelligence software and enterprise performance solutions. A security vulnerability exists in several SAP products. Allows a remote attacke...

CVSS 10 | AI score 7.7 | EPSS 0.01876
Exploits: 0 | References: 1

Prion
added 2015/10/16 1:59 a.m. | 16 views

Code injection

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by...

CVSS 7.8 | AI score 7.1 | EPSS 0.01129
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2015/10/16 1:59 a.m. | 2 views

UBUNTU-CVE-2013-7445

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by...

CVSS 7.8 | AI score 7.1 | EPSS 0.01129
Exploits: 0 | References: 3

Debian CVE
added 2015/10/16 1:00 a.m. | 25 views

CVE-2013-7445

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by...

CVSS 7.8 | AI score 7 | EPSS 0.01129
Exploits: 0