A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.

An information disclosure vulnerability has been reported in Microsoft Internet Explorer and EDGE browsers. The vulnerability is due to improperly handling requests for module resources. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Internet Explorer or EDGE.

An elevation of privilege vulnerability exists in Microsoft Windows Server. The vulnerability is caused when Microsoft Windows fails to handle executable programs being ran by two users. A remote attacker can exploit this issue by enticing a victim to run a specially crafted file.

An old vulnerability has been reintroduced in certain versions of the Linux Kernel that could be exploited by local unprivileged users to elevate their default system designated privileges to the higher kernel level privileges. The vulnerability is due to an error that kernel does not zero-extend x86_64 registers in the 32bit entry path on x86_64 platforms. An attacker could elevate their local privilege resulting in a privilege escalation.

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user’s session.

An elevation of privilege vulnerability exists in Microsoft Windows. A malicious user can bypass a security check in Windows to read and write registry hive files under a hidden registry hive which could enable an elevation of privilege. Successful exploitation could allow an attacker to run arbitrary code or access protected files with elevated privileges.

A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.

A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could allow the attacker to execute arbitrary code in the context of the web server process.

A denial of service vulnerability exists in the Network Time Protocol daemon (NTPD). The vulnerability is due to a null pointer dereference when handling crypto-NAK packets. A remote attacker can exploit this vulnerability by sending an unsolicited crypto-NAK packet to the target service.