
5836 matches found

Zero Day Initiative
added 2023/08/24 12:0 a.m. | 13 views

(0Day) Maxon Cinema 4D SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

CVSS 7.8 | AI score 6.8 | EPSS 0.00338
Exploits: 0
Tenable Nessus
added 2023/08/19 12:0 a.m. | 35 views

Fedora 37 : chromium (2023-6c8de2cd15)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-6c8de2cd15 advisory. update to 115.0.5790.170. Fixes several security issues Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 9.6 | AI score 7.4 | EPSS 0.17864
Exploits: 11 | References: 19
Zero Day Initiative
added 2023/08/17 12:0 a.m. | 15 views

PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8 | AI score 6.8 | EPSS 0.0034
Exploits: 0 | References: 1
Zero Day Initiative
added 2023/08/17 12:0 a.m. | 19 views

PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 7.8 | AI score 6.8 | EPSS 0.0034
Exploits: 0 | References: 1
CNVD
added 2023/08/17 12:0 a.m. | 15 views

Google Chrome Data Forgery Problem Vulnerability (CNVD-2023-65156)

Google Chrome is a web browser from Google, an American company. A data forgery issue vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient data validation of Systems Extensions, and can be exploited by a remote attacker to bypass file restrictions vi...

CVSS 8.8 | AI score 8.3 | EPSS 0.00331
Exploits: 0 | References: 1
Zero Day Initiative
added 2023/08/17 12:0 a.m. | 21 views

PDF-XChange Editor JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 1
OSV
added 2023/08/15 6:15 p.m. | 2 views

CVE-2023-4369

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 2
Prion
added 2023/08/15 6:15 p.m. | 21 views

Design/Logic Flaw

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.8 | AI score 8.1 | EPSS 0.00331
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2023/08/15 5:7 p.m. | 70 views

CVE-2023-4369

CVE-2023-4369 affects Google Chrome on ChromeOS prior to 116.0.5845.120. The issue is insufficient data validation in Systems Extensions, which could allow a user who is convinced to install a malicious extension to bypass file restrictions via a crafted HTML page. Connected sources corroborate t...

CVSS 8.8 | AI score 8.1 | EPSS 0.00331
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/08/15 5:7 p.m. | 20 views

CVE-2023-4369

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...

AI score 8.3 | EPSS 0.00331
Exploits: 0 | References: 2
Vulnrichment
added 2023/08/15 5:7 p.m. | 6 views

CVE-2023-4369

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. Chromium security severity: Medium...

AI score 6.1 | EPSS 0.00331
Exploits: 0 | References: 2
Positive Technologies
added 2023/08/15 12:0 a.m. | 3 views

PT-2023-5022 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome on ChromeOS versions prior to 116.0.5845.120 Description: The issue is related to insufficient data validation in Systems Extensions in Google Chrome on ChromeOS, which can be exploited by an attacker to bypass file restrictions...

CVSS 10 | AI score 8.1 | EPSS 0.00331
Exploits: 0 | References: 13
BDU FSTEC
added 2023/08/14 12:0 a.m. | 2 views

The vulnerability of Microsoft Exchange Server’s mail server, related to insufficient validation of input data, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Exchange Server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 8.8 | AI score 8.1 | EPSS 0.03525
Exploits: 0 | References: 3
Zero Day Initiative
added 2023/08/14 12:0 a.m. | 9 views

Adobe Substance 3D Stager SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 6.8
Exploits: 0 | References: 1
Zero Day Initiative
added 2023/08/14 12:0 a.m. | 20 views

Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS 3.3 | AI score 5.8 | EPSS 0.0213
Exploits: 0 | References: 1
Zero Day Initiative
added 2023/08/14 12:0 a.m. | 18 views

Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

CVSS 3.3 | AI score 5.7 | EPSS 0.0213
Exploits: 0 | References: 1
Opera Security Advisories
added 2023/08/10 12:0 a.m. | 6 views

Update your browser: Security fixes for latest Chrome bugs

News, Security Update your browser: Security fixes for latest Chrome bugs Share August 10th, 2023 Hi everyone! Opera, Opera GX, and Opera Crypto Browser have received important updates addressing a number of vulnerabilities and bugs. Among those are the following important vulnerabilities detecte...

CVSS 8.8 | AI score 7.1 | EPSS 0.15475
Exploits: 4 | References: 1
Zero Day Initiative
added 2023/08/09 12:0 a.m. | 29 views

(0Day) (Pwn2Own) Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handli...

CVSS 6.6 | AI score 7.1 | EPSS 0.01252
Exploits: 0
Tenable Nessus
added 2023/08/08 12:0 a.m. | 36 views

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0216-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0216-1 advisory. - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...

CVSS 8.8 | AI score 8.7 | EPSS 0.15475
Exploits: 0 | References: 24
OSV
added 2023/08/07 7:15 p.m. | 2 views

ALPINE-CVE-2023-36054

lib/kadm5/kadmrpcxdr.c in MIT Kerberos 5 aka krb5 before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because xdrkadm5principalentrec does not validate the relationship between nkeydata and the keydata array...

CVSS 6.5 | AI score 6.8 | EPSS 0.02107
Exploits: 0 | References: 1