140 matches found
PT-2022-11609 · Unknown · Visam Vbase
Name of the Vulnerable Software and Affected Versions: VISAM VBASE version 11.6.0.6 Description: The issue arises when VISAM VBASE processes an XML document containing XML entities with URIs that resolve to documents outside of the intended sphere of control. This causes the product to embed...
Adobe Acrobat和Adobe Acrobat Reader 缓冲区错误漏洞
Adobe Acrobat and Adobe Acrobat Reader are both products of the United States Ordoby Adobe.Adobe Acrobat is a set of PDF file editing and conversion tools.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDF. Adobe Acrobat and Adobe Reader has a buffer overfl...
Adobe Acrobat和Adobe Reader 缓冲区错误漏洞
Adobe Acrobat and Adobe Reader are the United States of America Odo than Adobe company's products. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader has a buffer overflow vulnerability, the...
The vulnerability of the library for viewing, printing, rendering, creating, and processing PDF files. The PDFTron SDK software from Autodesk allows a perpetrator to execute arbitrary code.
The vulnerability of the PDFTron SDK software’s library for viewing, printing, rendering, creating, and processing PDF files is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
Vulnerabilities fixed in Autodesk products
Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities potentially allow a malicious person to execute code under the application's permissions. To exploit requires a malicious party to trick a user into opening a rogue file open. The vulnerabilities are in two modules...
Remote Code Execution (RCE)
ruby-jss is vulnerable to remote code execution. The vulnerability exists due to the lack of validation which allows an attacker to execute scripts on the Plist when using Marshal.load during XML document processing...
Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
GHSA-VMFH-C547-V45H Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
Remote code execution in ruby-jss
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
OpenCats 0.9.4-2 XML Injection
Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection XXE Date: 2021-09-20 Exploit Author: Jake Ruston Vendor Homepage: https://opencats.org Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip Version: w:document...
Adobe Framemaker out-of-bounds read vulnerability
Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents.An out-of-bounds read vulnerability exists in Adobe Framemaker 2019 Update 8, 2020 Release Update 2 and earlier versions. An attacker could exploit this vulnerabilit...
Adobe Framemaker out-of-bounds write vulnerability (CNVD-2021-55967)
Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents.An out-of-bounds write vulnerability exists in Adobe Framemaker. An attacker could exploit this vulnerability to execute arbitrary code...
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
CVE-2021-33575
The CVE affects the Pixar ruby-jss gem prior to 1.6.0. Affected component is ruby-jss which processes XML via the Plist gem, whose documented behavior uses Marshal.load, enabling remote code execution. Reported by multiple sources (Red Hat, OSV, NVD, Snyk, RubyGems advisories). Impact is rated hi...
CVE-2021-33575
The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...
CVE-2020-28587
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to...
Amazon Linux 2 : xerces-c (ALAS-2020-1415)
The version of xerces-c installed on the remote host is prior to 3.1.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1415 advisory. A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that...
WPS Office Campus Edition suffers from dll hijacking vulnerability
WPS Office Campus Edition is for campuses, teachers, students and other educational users, adding the team function of cloud documents, adding LaTeX formulas, geometric diagrams, mind maps and other professional drawing tools, combining with AI technology, adding thesis checking, super resume,...