An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys)
The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL.
This module crashes the target machine producing a blue screen by sending a malformed RDP packet to the 3389/TCP port.
The TarArchive class blindly extracts tar archives without checking for directory traversals. An attacker can leverage this vulnerability to execute code in the system.
The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.
This module exploits a vulnerability in Panda Antivirus, executing crafted files witout checking.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys)
A Memory corruption vulnerability exists in the Windows Client DHCP service when an attacker sends specially crafted DHCP responses to a client.
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.