USN-6958-1: Libcroco vulnerabilities
It was discovered that Libcroco was incorrectly accessing data structures when reading bytes from memory, which could cause a heap buffer overflow. An attacker could...
USN-6950-3: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
Microsoft PlayReady WMRMECC256 Key / root key issue (attack #5)
Posted by Security Explorations on Aug 13 Hello All, There is an architectural / design issue of PlayReady, which can be successfully exploited to gain...
USN-6954-1: QEMU vulnerabilities
Markus Frank and Fiona Ebner discovered that QEMU did not properly handle certain memory operations, leading to a NULL pointer dereference. An authenticated user could...
ZDI-24-1148: Microsoft Office PowerPoint PPTX File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in...
ZDI-24-1147: Microsoft Windows 10 WinREUpdateInstaller_2401B_amd64 Link Following Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...
ZDI-24-1146: Microsoft Windows 10 WinREUpdateInstaller DLL Hijacking Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code...
ZDI-24-1145: Microsoft Office Visio VSDX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Visio. User interaction is required to exploit this vulnerability in...
ZDI-24-1144: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability...
ZDI-24-1143: Adobe Dimension SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that...