Security News

CVE-2018-5440

National Vulnerability Database - Thu, 02/15/2018 - 05:29
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
Categories: Security News

CVE-2018-7055

National Vulnerability Database - Thu, 02/15/2018 - 05:29
GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the url parameter.
Categories: Security News

CVE-2018-7056

National Vulnerability Database - Thu, 02/15/2018 - 05:29
RoomWizard before 4.4.x allows remote attackers to obtain potentially sensitive information about IP addresses via /getGroupTimeLineJSON.action.
Categories: Security News

CVE-2018-7057

National Vulnerability Database - Thu, 02/15/2018 - 05:29
RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName parameter.
Categories: Security News

Vuln: General Electric D60 Line Distance Relay Multiple Buffer Overflow Vulnerabilities

SecurityFocus Vulnerabilities - Thu, 02/15/2018 - 00:00
General Electric D60 Line Distance Relay Multiple Buffer Overflow Vulnerabilities
Categories: Security News

Vuln: Nortek Linear eMerge E3 Series CVE-2017-5439 Remote Command Injection Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/15/2018 - 00:00
Nortek Linear eMerge E3 Series CVE-2017-5439 Remote Command Injection Vulnerability
Categories: Security News

Vuln: Cisco StarOS CVE-2018-0122 Local Arbitrary File Overwrite Vulnerability

SecurityFocus Vulnerabilities - Thu, 02/15/2018 - 00:00
Cisco StarOS CVE-2018-0122 Local Arbitrary File Overwrite Vulnerability
Categories: Security News

CVE-2018-0847

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
Categories: Security News

CVE-2018-0850

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability".
Categories: Security News

CVE-2018-0851

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852.
Categories: Security News

CVE-2018-0852

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851.
Categories: Security News

CVE-2018-0853

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability".
Categories: Security News

CVE-2018-0855

National Vulnerability Database - Wed, 02/14/2018 - 21:29
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761.
Categories: Security News

CVE-2018-0856

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Categories: Security News

CVE-2018-0857

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Categories: Security News

CVE-2018-0858

National Vulnerability Database - Wed, 02/14/2018 - 21:29
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Categories: Security News

CVE-2018-0859

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
Categories: Security News

CVE-2018-0860

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.
Categories: Security News

CVE-2018-0861

National Vulnerability Database - Wed, 02/14/2018 - 21:29
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866.
Categories: Security News

CVE-2018-0864

National Vulnerability Database - Wed, 02/14/2018 - 21:29
SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability".
Categories: Security News

Pages