
5836 matches found

Prion
added 2019/01/09 7:29 p.m. | 18 views

Out-of-bounds

Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVSS: 6.8 | AI score: 8.6 | EPSS: 0.18118
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2019/01/09 7:29 p.m. | 19 views

Command injection

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page...

CVSS: 4.4 | AI score: 7.1 | EPSS: 0.00626
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2019/01/09 7:29 p.m. | 26 views

CVE-2017-15403

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page...

CVSS: 7.3 | AI score: 7.4 | EPSS: 0.00626
Exploits: 0 | References: 3

OSV
added 2019/01/09 7:29 p.m. | 0 views

UBUNTU-CVE-2017-15428

Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.18118
Exploits: 0 | References: 4

NVD
added 2019/01/09 7:29 p.m. | 17 views

CVE-2016-10403

Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVSS: 8.8 | AI score: 8.2 | EPSS: 0.00794
Exploits: 0 | References: 2

NVD
added 2019/01/09 7:29 p.m. | 19 views

CVE-2017-15403

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page...

CVSS: 7.3 | AI score: 7.1 | EPSS: 0.00626
Exploits: 0 | References: 2

Cvelist
added 2019/01/09 7:0 p.m. | 21 views

CVE-2017-15403

Insufficient data validation in crosh could lead to a command injection under chronos privileges in Networking in Google Chrome on Chrome OS prior to 61.0.3163.113 allowed a local attacker to execute arbitrary code via a crafted HTML page...

AI score: 7.2 | EPSS: 0.00626
Exploits: 0 | References: 2

CVE
added 2019/01/09 7:0 p.m. | 52 views

CVE-2017-15403

CVE-2017-15403 affects Chrome OS crosh networking (network_diag) due to insufficient data validation, enabling local command injection under chronos privileges via a crafted HTML page. Affected platforms include Chrome OS before 61.0.3163.113. Google Chrome OS update 61.0.3163.113 (stable channel...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00626
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/01/09 7:0 p.m. | 97 views

CVE-2017-15428

CVE-2017-15428 affects Google Chrome’s V8 engine, specifically the builtins string generator, where insufficient data validation can lead to out-of-bounds read/write. A crafted HTML page could allow a remote attacker to execute arbitrary code inside the browser sandbox on versions prior to 62.0.3...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.18118
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2019/01/09 7:0 p.m. | 63 views

CVE-2016-10403

CVE-2016-10403 affects Google Chrome's PDFium component in the browser before version 51.0.2704.63, where insufficient data validation on image data can allow a remote attacker to cause an out-of-bounds memory read by a specially crafted PDF file. Documents corroborate a memory-read impact (confi...

CVSS: 8.8 | AI score: 8 | EPSS: 0.00794
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/01/09 7:0 p.m. | 21 views

CVE-2017-15428

Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

AI score: 8.6 | EPSS: 0.18118
Exploits: 0 | References: 2

Debian CVE
added 2019/01/09 7:0 p.m. | 28 views

CVE-2016-10403

Removed by vendor...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00794
Exploits: 0

Debian CVE
added 2019/01/09 7:0 p.m. | 26 views

CVE-2017-15428

Removed by vendor...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.18118
Exploits: 0

Zero Day Initiative
added 2019/01/02 12:0 a.m. | 28 views

Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Horner Automation Cscape. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 6.8 | AI score: 3.1 | EPSS: 0.0167
Exploits: 0 | References: 1

Cvelist
added 2018/12/23 2:0 a.m. | 24 views

CVE-2018-20331

Local attackers can trigger a Kernel Pool Buffer Overflow in Antiy AVL ATool v1.0.0.22. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x80002004 by the...

AI score: 7.7 | EPSS: 0.00613
Exploits: 2 | References: 1

Zero Day Initiative
added 2018/12/19 12:0 a.m. | 27 views

Microsoft Windows gdiplus GdipGetWinMetaFileBitsEx Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 3.3 | AI score: 2.6 | EPSS: 0.06728
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/12/19 12:0 a.m. | 21 views

Adobe Acrobat Pro DC EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 3.3 | AI score: 2.3 | EPSS: 0.02601
Exploits: 0 | References: 1

BDU FSTEC
added 2018/12/18 12:0 a.m. | 3 views

The vulnerability of the SVG vector graphics rendering library, librsvg, related to a data input validation error, allows attackers to trigger a service failure.

The vulnerability of the SVG vector graphics rendering library is related to an error in data input validation. This error may allow a hacker to intercept the Windows user’s password and NTLM credentials via the SMB protocol. Exploiting this vulnerability could enable a remote attacker to gain...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.02239
Exploits: 0 | References: 3 | Affected Software: 1

Zero Day Initiative
added 2018/12/17 12:0 a.m. | 32 views

Microsoft Office Excel XLS File Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

CVSS: 3.3 | AI score: 1.3 | EPSS: 0.1613
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/12/17 12:0 a.m. | 19 views

Adobe Reader DC Onix NextKey Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS: 7.7 | AI score: 3.4 | EPSS: 0.04979
Exploits: 0 | References: 1