A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the response_type parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code execution via the crafting of the value for response_type.

A file upload vulnerability exists in Getsimple CMS v3.3.10. The vulnerability allows authenticated users with low privileged accounts to upload files to the uploads directory. Malicious users can exploit this vulnerability to upload and run arbitrary code from the uploads directory.

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file, potentially leading to to arbitrary code execution.

A file upload vulnerability exists in Teampass v2.1.26. The vulnerability allows authenticated users with low privileged accounts to upload files to the files directory in the webroot. Malicious users can exploit this vulnerability to upload and run arbitrary code from the files directory.

A denial-of-service vulnerability exists in OpenSSL. The vulnerability, AKA SSL Death Alert, is due to improper handling of warning packets by the function ssl3_read_bytes(). A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending SSL Alert Warning records during the handshake. Successful exploitation will cause the excessive resource consumption on the server.

A denial-of-service vulnerability exists in Microsoft Windows. The vulnerability is due to a failure to properly process crafted requests.A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system and cause the lsass.exe process to terminate, resulting in a non-responsive system.

A denial-of-service vulnerability exists in OpenSSL. A remote, unauthenticated attacker can send *-CHACHA20-POLY1305 ciphersuites with corrupted larger payloads and create a denial of service condition. This vulnerability is not considered to be exploitable beyond a denial of service.

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file.

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.

A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.