21 matches found
CVE-2019-16471 Use-After-Free in app.measureDialog - Tianfu Cup
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2019-16471
Adobe Acrobat Reader (Windows/macOS) versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file). Affects multiple CVEs i...
Adobe Reader < 2015.006.30508 / 2017.011.30156 / 2019.021.20058 Multiple Vulnerabilities (APSB19-55)
The version of Adobe Reader installed on the remote Windows host is a version prior to 2015.006.30508, 2017.011.30156, or 2019.021.20058. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier,...
Adobe Acrobat < 2015.006.30508 / 2017.011.30156 / 2019.021.20058 Multiple Vulnerabilities (APSB19-55)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30508, 2017.011.30156, or 2019.021.20058. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier,...
Adobe Acrobat DC (Continuous) Security Updates (APSB19-55) - Mac OS X
Adobe Acrobat DC Continuous Track is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Acrobat 2017 Security Updates (APSB19-55) - Windows
Adobe Acrobat 2017 is prone to multiple vulnerabilities.
Adobe Reader DC (Continuous) Security Updates (APSB19-55) - Windows
Adobe Reader DC Continuous is prone to multiple vulnerabilities.
KLA11676 Multiple vulnerabilities in Adobe Acrobat
Multiple vulnerabilities were found in Adobe Acrobat. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Buffer errors vulnerability can be exploited to execute arbitrary code. 2. Use After Free vulnerability can be exploit...
openSUSE: Security Advisory for rubygem-rack (openSUSE-SU-2019:1553-1)
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : rubygem-rack (openSUSE-2019-1553)
This update for rubygem-rack fixes the following issues: Security issues fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600). This update was imported from the SUSE:SLE-12:Update update project. (C) Tenable Network Security, Inc...
SUSE-SU-2019:1440-1 Security update for rubygem-rack
This update for rubygem-rack fixes the following issues: Security issues fixed: - CVE-2018-16471: Fixed a cross-site scripting vulnerability via 'scheme' method (bsc#1116600)...
CVE-2017-16471
...
CVE-2017-16471
CVE-2017-16471 is rejected/not active; does not represent an active vulnerability entry.
Fedora 29 : 1:rubygem-rack (2018-e8ff8b7f8e)
- Buffer size in multipart parser allows for denial of service (CVE-2018-16470). - Cross-site scripting (XSS) via scheme method on Rack::Request (CVE-2018-16471). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora 28 : 1:rubygem-rack (2018-02e965a729)
- Buffer size in multipart parser allows for denial of service (CVE-2018-16470). - Cross-site scripting (XSS) via scheme method on Rack::Request (CVE-2018-16471). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
[SECURITY] [DLA 1585-1] ruby-rack security update
Package : ruby-rack Version : 1.5.2-3+deb8u2 CVE ID : CVE-2018-16471 Debian Bug : 913005 It was discovered that there was an XSS vulnerability in the ruby-rack web-server library. A malicious request could impact the HTTP/HTTPS scheme being returned to the underlying application. For Debian 8...
MGASA-2018-0449 Updated ruby-rack packages fix security vulnerability
There is a possible XSS vulnerability in Rack. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to "http" or "https" and do not escape the return value could be vulnerable to an XSS attack CVE-2018-1647...
CVE-2018-16471
CVE-2018-16471 (Rack XSS) Affected: Rack versions before 2.0.6 and 1.6.11. Issue: crafted requests can affect Rack::Request.scheme return value, enabling cross-site scripting if the value is not escaped by the app. Impact: potential XSS in apps that rely on Rack::Request.scheme without esca...
CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...
CVE-2018-16471
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...