A denial of service vulnerability exists in Windows. The vulnerability is due to the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker can successfully exploit this vulnerability which could cause a denial of service on the target system and could trigger an automatic reboot of the system.

File Upload vulnerability exist in D-Link network cameras. The vulnerability is due to a hidden webpage on the device that allows an attacker to upload arbitrary files from the attackers system. By allowing the attacker to specify the file location to write on the device, the attacker has the ability to upload new functionality.

An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to improper handling of JPEG2000 images, and could be used to gain sensitive information that may help in further attacks. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage or PDF document.

A vulnerability in the Winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have additional impact via a request to download the router’s DLLs or plugins.

A reconnaissance tool is designed to gather information from servers. Such scans might indicate an attempt to disclose sensitive information. Remote attackers can use Netsparker to detect vulnerabilities on a target server.

An integer overflow vulnerability exists in memcached. This vulnerability is due to a lack of bounds checking in the process_bin_append_prepend function while processing commands that append or prepend data to existing key-value pairs. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached.

A privilege escalation vulnerability exists in Microsoft SQL Server. The vulnerability is due to the improper handling of a SQL query containing a UNC path. A remote, authenticated attacker can exploit the vulnerability by sending a crafted SQL request to the server. Successful exploitation could allow an attacker to gain the password hashes of the account used to run the server service.

An integer underflow vulnerability exists in the Memcached binary protocol. This vulnerability is due to a lack of bounds checking in the process_bin_sasl_auth function. A remote unauthenticated attacker can exploit these vulnerabilities by sending a specially crafted packet to memcached that can lead to a buffer overflow and possible code execution in the context of the user.

A remote command execution vulnerability exists in Trend Micro Smart Protection Server. The vulnerability is due to insufficient validation of user-supplied input. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable system that could lead to arbitrary command execution under the security context of system.

An XML external entity (XXE) processing vulnerability has been reported in Trend Micro Control Manager. The vulnerability is due to lack of validation of user-supplied input prior to executing an XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious HTTP request to the target system.