An elevation of privilege vulnerability exists in the Windows kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application.
Category Archives: Checkpoint
Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0140)
A security feature bypass vulnerability exists in Microsoft Edge. The vulnerability is due to a flaw in the way Microsoft Edge implements the Same Origin Policy (SOP) for HTML elements present in other browser windows. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web page. Successful exploitation of this vulnerability would allow an attacker to bypass the same origin policy and disclose sensitive information.
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0086)
A remote code execution vulnerability exists in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file.
Microsoft Win32k Elevation of Privilege (MS17-018: CVE-2017-0079; CVE-2017-0078)
An elevation of privilege vulnerability exists in the Windows kernel-mode driver. The vulnerability is due to the way the driver fails to properly handle objects in memory. An attacker can exploit this vulnerability by logging on to the system and running a specially crafted application.
Microsoft Windows Uniscribe Remote Code Execution (MS17-011: CVE-2017-0090)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to the way Windows Uniscribe handles objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted website.
Apache Struts2 Content-Type Remote Code Execution (CVE-2017-5638)
A remote code execution vulnerability exists in Apache Struts2 when using the Jakarta multipart parser. An attacker could exploit this vulnerability by sending an invalid Content-Type as part of a file upload request. Successful exploitation could result in execution of arbitrary code on the affected system.
Suspicious Metadata Mail Phishing Redirection
A mail attachment containing a malicious HTML file was observed as part of recent campaigns. A remote attacker could send spam e-mails that include such HTML files and redirect users to manually download malicious files.
Oracle OIT PDF Parser Code Execution (CVE-2017-3271)
An arbitrary write vulnerability exists in the PDF parser functionality of the Oracle Outside In Technology SDK. A specially crafted PDF document can cause parser confusion, resulting in an arbitrary write that ultimately leads to code execution.
Advantech WebAccess updateTemplate.aspx SQL Injection (CVE-2017-5154)
An SQL injection vulnerability has been reported in Advantech WebAccess. The vulnerability is due to insufficient validation of the template parameter in HTTP requests sent to updateTemplate.aspx. A remote attacker could exploit this vulnerability by sending an HTTP request with a malicious SQL query to the target server. Successful exploitation could allow the attacker to access and modify potentially sensitive information.
HPE Operations Orchestration Insecure Deserialization (CVE-2016-8519)
An insecure deserialization vulnerability has been reported in HPE Operations Orchestration. The vulnerability is due to the deserialization of untrusted data in several servlets used for backwards compatibility with older API versions. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted serialized data to the target application.