84 matches found
Remote Code Execution Bug Patched in Adobe Acrobat Reader DC
Researchers at Cisco Talos are detailing a remote code execution vulnerability found in Adobe Acrobat Reader DC that can be triggered when a malicious file is opened or a victim accesses a rigged webpage. According to Talos, the vulnerability CVE-2018-4901 was disclosed on Dec. 7 and Adobe issued...
CVE-2018-4901
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the docume...
CVE-2018-4901
CVE-2018-4901 affects Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier. The issue is caused by a computation that writes data past the end of the intended buffer within the document identity representation, described as a buffer overflow ...
Adobe Acrobat Reader DC (Continuous Track) Multiple Vulnerabilities (APSB18-02) - Windows
Adobe Acrobat Reader DC Continuous Track is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Acrobat < 2015.006.30413 / 2017.011.30078 / 2018.011.20035 Multiple Vulnerabilities (APSB18-02)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30413, 2017.011.30078, or 2018.011.20035. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's...
Adobe Acrobat and Reader Out-of-bounds write (APSB18-02: CVE-2018-4901)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
KLA11193 Multiple vulnerabilities in Adobe Arcobat&Reader
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities can be exploited to execute arbitrary...
CVE-2017-4901
The drag-and-drop DnD function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion...
CVE-2017-4901
The CVE-2017-4901 entry relates to VMware Workstation 12.x (before 12.5.4) and VMware Fusion 8.x (before 8.5.5), where the drag-and-drop (DnD) function has an out-of-bounds memory access vulnerability. The cited sources describe a potential for a guest operating system to execute code on the host...
CVE-2016-4901
CVE-2016-4901 describes an untrusted search path vulnerability in the installer for e-Tax Software. The root cause is insecure DLL search path loading, which can allow a Trojan horse DLL placed in a specific directory to be loaded at install time. The impact is arbitrary code execution with the p...
VMware Player 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (Linux)
The version of VMware Player installed on the remote Linux host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop DND functionality due to an out-of-bounds memory access error. An attacker within a guest can exploit...
VMware Workstation 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005) (Linux)
The version of VMware Workstation installed on the remote Linux host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop DND functionality due to an out-of-bounds memory access error. An attacker within a guest can...
VMware Workstation 12.x < 12.5.4 Drag-and-Drop Feature Guest-to-Host Code Execution (VMSA-2017-0005)
The version of VMware Workstation installed on the remote Windows host is 12.x prior to 12.5.4. It is, therefore, affected by a guest-to-host arbitrary code execution vulnerability in the drag-and-drop DND functionality due to an out-of-bounds memory access error. An attacker within a guest can...
KLA11037 Arbitrary code execution vulnerability in VMware products
An out-of-bounds memory access vulnerability in the DnD drag-and-drop function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstatio...
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-106) (SLOTH)
java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed : - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...
Security update for java-1_8_0-openjdk (critical)
java-180-openjdk was updated to version 7u95 to fix several security issues. bsc962743 The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 SLOTH bsc960996 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472:...
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2015-696)
java-180-openjdk was updated to fix 24 security issues. These security issues were fixed : - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial...
Security update for java-1_8_0-openjdk (important)
java-180-openjdk was updated to fix 24 security issues. These security issues were fixed: - CVE-2015-4734: A remote user can exploit a flaw in the Embedded JGSS component to partially access data - CVE-2015-4803: A remote user can exploit a flaw in the JRockit JAXP component to cause partial deni...
DEBIAN-CVE-2015-4901
Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX...
CVE-2015-4901
CVE-2015-4901 corresponds to an unspecified vulnerability in Oracle Java SE 8u60 affecting the JavaFX component, with impact to confidentiality, integrity, and availability via unknown vectors. Connected sources confirm this CVE within multiple Oracle JRE/JDK vulnerability advisories (e.g., GLSA-...