All Vulnerabilities

Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
HP Network Node Manager ovspmd.exe Buffer Overflow Vulnerability
 Severity:    
 Date Published:  09 Nov 2016
HP OpenView Network Node Manager (OV NNM) ovw.dll is prone to a buffer overflow vulnerability. A successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code via a long message.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system.
Microsoft Edge scripting engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Adobe Acrobat and Reader are prone to an information disclosure vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial of service states.
JBoss Seam Parameterized EL Expressions Remote Code Execution Vulnerability
 Severity:    
 Date Published:  09 Nov 2016
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: The vulnerability exists only when the Java Security Manager is not configured properly.
A remote code execution vulnerability exists in Microsoft Windows PDF library. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.
Microsoft Windows Elevation Of Privilege Vulnerability
 Severity:    
 Date Published:  09 Nov 2016
An elevation of privilege vulnerability exists in Windows when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.
A remote code execution vulnerability exists in Microsoft Windows PDF library. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.
Elevation of privilege vulnerability exists when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. An attacker could exploit this vulnerability by modifying certain properties within Outlook Web App and then convincing users to browse to the targeted Outlook Web App site. An attacker who successfully exploited this vulnerability could run script in the context of the current user.

Featured Stories