Mail attachments containing a malicious downloader were observed as part of ransomware campaigns. A remote attacker could send spam e-mails including those downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the target system.
Category Archives: Checkpoint
IBM WebSphere Application Server SIP Processing Denial of Service (CVE-2016-2960)
A denial-of-service vulnerability has been reported in IBM WebSphere Application Server. The vulnerability is due to improper validation of SIP messages. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted SIP messages to the target server. Successful exploitation results in a denial-of-service condition.
Adobe Flash Player Security Bypass (APSB16-29: CVE-2016-4277)
A security bypass vulnerability exists in Adobe Flash Player. The vulnerability is due to insufficient security restrictions while handling a specially crafted URL of an HTTP request to a SWF file. Successful exploitation could lead to information disclosure.
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4276)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Suspicious Microsoft Publisher Mail Attachment
Microsoft Office Publisher files might contain a malicious downloader. A remote attacker could send spam e-mails including those downloaders, and use social engineering in order to convince users to manually enable them. This would allow the malicious code to run and infect the target system.
MySQL Remote Root Code Execution (CVE-2016-6662)
A code execution vulnerability exists in the MySQL database server. Successful exploitation could allow a remote attacker to shut down the database, modify its content, or execute arbitrary code on the affected servers.
Adobe Flash Player Memory Corruption (APSB16-29: CVE-2016-4281)
A memory corruption vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file.
Linux Kernel x86-64 IA32SysCall Privilege Escalation (CVE-2010-3301)
An old vulnerability has been reintroduced in certain versions of the Linux kernel. Local unprivileged users could exploit it to elevate their default privileges to kernel-level privileges. The vulnerability is due to the kernel not zero-extending x86_64 registers in the 32-bit entry path on x86_64 platforms. Successful exploitation results in local privilege escalation.
Microsoft Office Memory Corruption (MS16-107: CVE-2016-3360)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
Microsoft Windows Session Object Elevation of Privilege (MS16-111: CVE-2016-3305)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is due to an error in the way the Windows kernel handles session objects in concurrent logins. Successful exploitation may lead to a malicious user gaining access to a victim user’s session.