ZDI: Published Advisories
http://www.zerodayinitiative.com/advisories/published/
Wed Nov 22 21:49:36 2017 +0000
zdi@hp.com (Author)
Tippingpoint, all rights reserved
ZDI Bird Feeder
en
http://blogs.law.harvard.edu/tech/rss

ZDI-17-927: Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability
Tue, 21 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-927/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

ZDI-17-926: Adobe Photoshop JPEG2000 Use-After-Free Information Disclosure Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-926/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

ZDI-17-925: Apple macOS nsurlstoraged Integer Overflow Privilege Escalation Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-925/
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

ZDI-17-924: Apple macOS nsurlstoraged Heap-based Buffer Overflow Privilege Escalation Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-924/
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

ZDI-17-923: systemd Network Name Resolution Manager NSEC Resource Record Pseudo-Types Denial of Service Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-923/
This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of systemd Network Name Resolution Manager. Authentication is not required to exploit this vulnerability.

ZDI-17-922: ThinPrint TPView JPEG2000 Parsing Out-Of-Bounds Write Privilege Escalation Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-922/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ThinPrint. An attacker must first obtain the ability to execute low-privileged code on the guest system in order to exploit this vulnerability.

ZDI-17-921: VMware Workstation NAT IP Fragment Reassembly Heap-based Buffer Overflow Privilege Escalation Vulnerability
Tue, 21 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-921/
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

ZDI-17-920: Apple Safari Node Use-After-Free Remote Code Execution Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-920/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

ZDI-17-919: EMC Unisphere For VMAX vApp Manager ORBServlet Remote Credential Creation Information Disclosure Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-919/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Unisphere For VMAX vApp Manager. Authentication is not required to exploit this vulnerability.

ZDI-17-918: Cisco Prime Network Analysis Module graph sfile Parameter Directory Traversal Arbitrary File Deletion Vulnerability
Mon, 20 Nov 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-918/
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Network Analysis Module. Authentication is not required to exploit this vulnerability.