An SQL injection vulnerability exists in Dell SonicWALL Universal Management Suite. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request. Successful exploitation of this vulnerability can lead to arbitrary code execution in the context of SYSTEM on the target host.

A directory traversal vulnerability exists in CA Unified Infrastructure Management. The vulnerability is due to insufficient input validation while processing HTTP requests sent to the download_lar.jsp. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to the vulnerable server. Successful exploitation results in arbitrary file download from the target server.

A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in the memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted ttf file.

An elevation of privilege vulnerability exists in the Windows Installer. The vulnerability is due to the Windows Installer failing to properly sanitize input leading to an insecure library loading behavior. A attacker could run arbitrary code with elevated system privileges.

An Out-of-Bounds-Read vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this vulnerability by enticing a victim to open a specially crafted file that could grant an attacker remote code execution.

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. Successful exploitation would lead to write access violation.

A denial of service vulnerability has been reported in the Edge Side Includes (ESI) component of the Squid proxy. The vulnerability is due to incorrect pointer handling when processing ESI responses. A remote attacker could exploit this vulnerability by sending crafted ESI response data to the target system.

An information disclosure vulnerability was discovered in Microsoft Edge. The vulnerability is due to an improper content validation under specific conditions in Microsoft Browser XSS Filter. An attacker who exploited the vulnerability could run arbitrary JavaScript that could lead to an information disclosure.

A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to a memory corruption when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.

An information disclosure vulnerability has been reported in Windows Crypto driver running in kernel mode improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.