343 matches found

Zero Day Initiative
added 2019/02/12 12:0 a.m. | 29 views

Microsoft Chakra JavaScript Loop Type Confusion Vulnerability

This vulnerability allows remote attackers to produce abnormal program execution on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5 CVSS | 1.7 AI score | 0.41246 EPSS
Exploits 0 | References 1
Debian CVE
added 2019/01/09 7:0 p.m. | 25 views

CVE-2018-16084

Removed by vendor...

6.1 CVSS | 8 AI score | 0.00321 EPSS
Exploits 0
OSV
added 2018/12/05 12:0 p.m. | 9 views

RUSTSEC-2018-0008 Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

Affected versions of this crate did not properly update the head and tail of the deque when inserting and removing elements from the front if, before insertion or removal, the tail of the deque was in the mirrored memory region, and if, after insertion or removal, the head of the deque is exactly...

9.8 CVSS | 9.2 AI score | 0.00433 EPSS
Exploits 0 | References 3
Prion
added 2018/09/12 4:29 p.m. | 10 views

Authentication flaw

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...

7.2 CVSS | 6.9 AI score | 0.00036 EPSS
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2018/09/07 12:0 a.m. | 2 views

Google Chrome has an unspecified vulnerability (CNVD-2019-03621)

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the external protocol handling of CustomHandlers in versions of Google Chrome prior to 69.0.3497.81. A remote attacker can exploit the vulnerability to open external programs with th...

6.1 CVSS | 7 AI score | 0.00321 EPSS
Exploits 0 | References 1
Debian CVE
added 2018/06/12 12:0 p.m. | 22 views

CVE-2018-12233

In the eaget function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to creat...

7.8 CVSS | 6.5 AI score | 0.00096 EPSS
Exploits 0
Prion
added 2018/03/26 9:29 p.m. | 6 views

Race condition

It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of...

6.9 CVSS | 7.5 AI score | 0.00042 EPSS
Exploits 5 | References 1 | Affected Software 1
NVD
added 2018/02/19 7:29 p.m. | 20 views

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this...

6.8 CVSS | 7.7 AI score | 0.02996 EPSS
Exploits 1 | References 8
Prion
added 2018/02/19 7:29 p.m. | 28 views

Code injection

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this...

6.8 CVSS | 7 AI score | 0.02996 EPSS
Exploits 1 | References 8 | Affected Software 1
OSV
added 2018/02/19 12:0 a.m. | 0 views

UBUNTU-CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this...

6.5 CVSS | 7.1 AI score | 0.02996 EPSS
Exploits 1 | References 7
Tenable Nessus
added 2018/01/13 12:0 a.m. | 65 views

VMware Tools < 10.2.0 Program Execution Vulnerability (VMSA-2018-0003) (macOS)

The version of VMware Tools installed on the remote MacOS/MacOSX host is prior to 10.2.0. It is, therefore, affected by an unspecified flaw in VMware Tools related to improper guest access control. This allows a proximate attacker to execute programs via Unity mode on locked Windows VMs. Note tha...

5.5 CVSS | 6.5 AI score | 0.00066 EPSS
Exploits 0 | References 3
NVD
added 2018/01/09 3:29 p.m. | 11 views

CVE-2018-2363

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by...

8.8 CVSS | 9.1 AI score | 0.0074 EPSS
Exploits 0 | References 4
NVD
added 2018/01/05 2:29 p.m. | 12 views

CVE-2017-4945

VMware Workstation 14.x and 12.x and Fusion 10.x and 8.x contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstatio...

5.5 CVSS | 5.4 AI score | 0.00066 EPSS
Exploits 0 | References 4
Prion
added 2018/01/05 2:29 p.m. | 18 views

Design/Logic Flaw

VMware Workstation 14.x and 12.x and Fusion 10.x and 8.x contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstatio...

2.1 CVSS | 6.2 AI score | 0.00066 EPSS
Exploits 0 | References 4 | Affected Software 2
Cvelist
added 2018/01/05 2:0 p.m. | 14 views

CVE-2017-4945

VMware Workstation 14.x and 12.x and Fusion 10.x and 8.x contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstatio...

5.7 AI score | 0.00066 EPSS
Exploits 0 | References 4
CVE
added 2018/01/05 2:0 p.m. | 122 views

CVE-2017-4945

CVE-2017-4945 affects VMware Workstation (14.x, 12.x), Fusion (10.x, 8.x) and VMware Tools. Root cause: guest access control weakness that may allow code execution via Unity on locked Windows VMs. Affected components/versions: VMware Tools prior to 10.2.0; Tools 10.2.0 fixes this issue and is pac...

5.5 CVSS | 5.9 AI score | 0.00066 EPSS
Exploits 0 | References 4 | Affected Software 1
CNVD
added 2017/12/05 12:0 a.m. | 1 views

libXcursor Denial of Service Vulnerability

libXcursor is an X Window System cursor management library run by the X.Org Foundation. A security vulnerability exists in versions of libXcursor prior to 1.1.15. An attacker can exploit this vulnerability with malicious files to cause a denial of service crash or program execution integer overfl...

7.5 CVSS | 7.2 AI score | 0.03681 EPSS
Exploits 1 | References 1
n0where
added 2017/11/14 8:21 p.m. | 226 views

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support; akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...

7.1 AI score
Exploits 0 | References 16
Fedora
added 2017/10/17 12:19 a.m. | 10 views

[SECURITY] Fedora 27 Update: procmail-3.22-44.fc27

Procmail can be used to create mail-servers, mailing lists, sort your incoming mail into separate folders/files (real convenient when subscribing to one or more mailing lists or for prioritising your mail), preprocess your mail, start any programs upon mail arrival (e.g. to generate different chimes...

1.6 AI score
Exploits 0
OSV
added 2017/10/05 1:29 a.m. | 33 views

CVE-2017-1000117

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim...

8.8 CVSS | 6.6 AI score
Exploits 0 | References 12