Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Microsoft Failover Cluster Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Domain Name Service Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Group Policy Elevation of Privilege Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
Azure Service Fabric for Linux Remote Code Execution Vulnerability
Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
Microsoft Exchange Server Security Feature Bypass Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. IBM X-Force ID: 271341.
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Windows DNS Server Remote Code Execution Vulnerability
Microsoft Exchange Remote Code Execution Vulnerability
A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.
Windows DNS Server Remote Code Execution Vulnerability
This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function.
Windows Kerberos Elevation of Privilege Vulnerability
IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347.
Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8162.
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701.
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .