Lucene search
+L

84 matches found

threatpost
threatpost
added 2018/02/27 12:46 p.m.33 views

Remote Code Execution Bug Patched in Adobe Acrobat Reader DC

Researchers at Cisco Talos are detailing a remote code execution vulnerability found in Adobe Acrobat Reader DC that can be triggered when a malicious file is opened or a victim accesses a rigged webpage. According to Talos, the vulnerability CVE-2018-4901 was disclosed on Dec. 7 and Adobe issued...

6.8CVSS1.4AI score0.16483EPSS
Exploits0References4
nvd
nvd
added 2018/02/27 5:29 a.m.17 views

CVE-2018-4901

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the docume...

8.8CVSS8.8AI score0.16483EPSS
Exploits0References3
cve
cve
added 2018/02/27 5:0 a.m.73 views

CVE-2018-4901

CVE-2018-4901 affects Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier. The issue is caused by a computation that writes data past the end of the intended buffer within the document identity representation, described as a buffer overflow ...

8.8CVSS9.2AI score0.16483EPSS
Exploits0References3Affected Software4
openvas
openvas
added 2018/02/15 12:0 a.m.38 views

Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities (APSB18-02) - Windows

Adobe Acrobat Reader DC Continuous Track is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS8.2AI score0.43418EPSS
Exploits0References1
nessus
nessus
added 2018/02/15 12:0 a.m.85 views

Adobe Acrobat < 2015.006.30413 / 2017.011.30078 / 2018.011.20035 Multiple Vulnerabilities (APSB18-02)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30413, 2017.011.30078, or 2018.011.20035. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...

10CVSS6.9AI score0.43418EPSS
Exploits0References45
checkpoint_advisories
checkpoint_advisories
added 2018/02/13 12:0 a.m.21 views

Adobe Acrobat and Reader Out-of-bounds write (APSB18-02: CVE-2018-4901)

A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...

6.8CVSS5.5AI score0.16483EPSS
Exploits0
kaspersky
kaspersky
added 2018/02/13 12:0 a.m.125 views

KLA11193 Multiple vulnerabilities in Adobe Arcobat&Reader

Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities can be exploited to execute arbitrary...

10CVSS8.7AI score0.43418EPSS
Exploits0References11
osv
osv
added 2017/06/08 1:29 p.m.3 views

CVE-2017-4901

The drag-and-drop DnD function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion...

9.9CVSS6AI score0.1994EPSS
Exploits5References3
cve
cve
added 2017/06/08 1:0 p.m.205 views

CVE-2017-4901

The CVE-2017-4901 entry relates to VMware Workstation 12.x (before 12.5.4) and VMware Fusion 8.x (before 8.5.5), where the drag-and-drop (DnD) function has an out-of-bounds memory access vulnerability. The cited sources describe a potential for a guest operating system to execute code on the host...

9.9CVSS7.3AI score0.1994EPSS
Exploits5References3Affected Software2
cve
cve
added 2017/05/22 4:0 p.m.57 views

CVE-2016-4901

CVE-2016-4901 describes an untrusted search path vulnerability in the installer for e-Tax Software. The root cause is insecure DLL search path loading, which can allow a Trojan horse DLL placed in a specific directory to be loaded at install time. The impact is arbitrary code execution with the p...

7.8CVSS7.7AI score0.01534EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2017/03/27 12:0 a.m.54 views

VMware Player 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (Linux)

The version of VMware Player installed on the remote Linux host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop DND functionality due to an out-of-bounds memory access error. An attacker within a guest can exploit...

9.9CVSS9.2AI score0.1994EPSS
Exploits5References2
nessus
nessus
added 2017/03/24 12:0 a.m.48 views

VMware Workstation 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (Linux)

The version of VMware Workstation installed on the remote Linux host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop DND functionality due to an out-of-bounds memory access error. An attacker within a guest can...

9.9CVSS8AI score0.1994EPSS
Exploits5References2
nessus
nessus
added 2017/03/24 12:0 a.m.31 views

VMware Workstation 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005)

The version of VMware Workstation installed on the remote Windows host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop DND functionality due to an out-of-bounds memory access error. An attacker within a guest can...

9.9CVSS9.3AI score0.1994EPSS
Exploits5References2
kaspersky
kaspersky
added 2017/03/14 12:0 a.m.45 views

KLA11037 Arbitrary code execution vulnerability in VMware products

An out-of-bounds memory access vulnerability in the DnD drag-and-drop function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstatio...

9.9CVSS10AI score0.1994EPSS
Exploits5References5
nessus
nessus
added 2016/02/03 12:0 a.m.228 views

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-106) (SLOTH)

java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...

10CVSS7.2AI score0.14714EPSS
Exploits0References35
opensuse
opensuse
added 2016/01/27 9:14 p.m.50 views

Security update for java-1_8_0-openjdk (critical)

java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...

10CVSS3.7AI score0.14714EPSS
Exploits0References3
nessus
nessus
added 2015/11/05 12:0 a.m.64 views

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-696)

java-180-openjdk was updated to fix 24 security issues. These security issues were fixed : - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial...

10CVSS6.4AI score0.13354EPSS
Exploits0References25
opensuse
opensuse
added 2015/11/04 5:12 p.m.68 views

Security update for java-1_8_0-openjdk (important)

java-180-openjdk was updated to fix 24 security issues. These security issues were fixed: - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial deni...

10CVSS4AI score0.13354EPSS
Exploits0References1
osv
osv
added 2015/10/22 12:0 a.m.2 views

DEBIAN-CVE-2015-4901

Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX...

9.3CVSS8.1AI score0.0422EPSS
Exploits0References1
cve
cve
added 2015/10/21 11:0 p.m.98 views

CVE-2015-4901

CVE-2015-4901 corresponds to an unspecified vulnerability in Oracle Java SE 8u60 affecting the JavaFX component, with impact to confidentiality, integrity, and availability via unknown vectors. Connected sources confirm this CVE within multiple Oracle JRE/JDK vulnerability advisories (e.g., GLSA-...

9.3CVSS3.6AI score0.0422EPSS
Exploits0References7Affected Software2
Rows per page
Query Builder