140 matches found

Positive Technologies
added 2022/07/27 12:0 a.m. · 5 views

PT-2022-11609 · Unknown · Visam Vbase

Name of the Vulnerable Software and Affected Versions: VISAM VBASE version 11.6.0.6

Description: The issue arises when VISAM VBASE processes an XML document containing XML entities with URIs that resolve to documents outside of the intended sphere of control. This causes the product to embed...

CVSS 7.5 · AI score 7.8 · EPSS 0.00433
Exploits: 0 · References: 3

CNNVD
added 2022/07/13 12:0 a.m. · 5 views

Adobe Acrobat and Adobe Acrobat Reader buffer error vulnerability

Adobe Acrobat and Adobe Acrobat Reader are both products of Adobe, a US company. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Adobe Acrobat and Adobe Reader have a buffer overfl...

CVSS 5.5 · AI score 6.1 · EPSS 0.02964
Exploits: 0 · References: 5

CNNVD
added 2022/07/13 12:0 a.m. · 5 views

Adobe Acrobat and Adobe Reader buffer error vulnerability

Adobe Acrobat and Adobe Reader are products of Adobe, a US company. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader have a buffer overflow vulnerability, the...

CVSS 7.8 · AI score 6.5 · EPSS 0.0488
Exploits: 0 · References: 5

BDU FSTEC
added 2022/06/23 12:0 a.m. · 5 views

Vulnerability in the library for viewing, printing, rendering, creating, and processing PDF files of the PDFTron SDK software from Autodesk, allowing a perpetrator to execute arbitrary code

The vulnerability of the PDFTron SDK software’s library for viewing, printing, rendering, creating, and processing PDF files is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current...

CVSS 7.8 · AI score 7.8 · EPSS 0.00483
Exploits: 0 · References: 3 · Affected Software: 2

RedHat Linux
added 2022/03/28 9:49 a.m. · 3 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

CVSS 9.8 · AI score 7.5 · EPSS 0.04955
Exploits: 0 · References: 5

RedHat Linux
added 2022/03/14 10:7 a.m. · 3 views

expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

CVSS 9.8 · AI score 7.5 · EPSS 0.04955
Exploits: 0 · References: 5

NCSC
added 2021/12/10 12:0 a.m. · 46 views

Vulnerabilities fixed in Autodesk products

Vulnerabilities have been fixed in several Autodesk products. The vulnerabilities potentially allow a malicious person to execute code under the application's permissions. Exploitation requires a malicious party to trick a user into opening a rogue file. The vulnerabilities are in two modules...

CVSS 7.8 · AI score 7.2 · EPSS 0.0154
Exploits: 0

Veracode
added 2021/10/07 4:20 a.m. · 15 views

Remote Code Execution (RCE)

ruby-jss is vulnerable to remote code execution. The vulnerability exists due to the lack of validation which allows an attacker to execute scripts on the Plist when using Marshal.load during XML document processing...

CVSS 9.8 · AI score 3.6 · EPSS 0.02603
Exploits: 0 · References: 3 · Affected Software: 1

GitHub Security Blog
added 2021/10/06 5:48 p.m. · 45 views

Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVSS 9.8 · AI score 9.6 · EPSS 0.02603
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2021/10/06 5:48 p.m. · 12 views

GHSA-VMFH-C547-V45H Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVSS 9.8 · AI score 9.8 · EPSS 0.02603
Exploits: 0 · References: 6

RubySec
added 2021/10/06 12:0 a.m. · 20 views

Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVSS 9.8 · AI score 7.3 · EPSS 0.02603
Exploits: 0 · References: 1 · Affected Software: 1

Packet Storm
added 2021/09/22 12:0 a.m. · 164 views

OpenCats 0.9.4-2 XML Injection

Exploit Title: OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
Date: 2021-09-20
Exploit Author: Jake Ruston
Vendor Homepage: https://opencats.org
Software Link: https://github.com/opencats/OpenCATS/releases/download/0.9.4-2/opencats-0.9.4-2-full.zip
Version: w:document...

CVSS 7.5 · AI score 7.6 · EPSS 0.23849
Exploits: 3

CNVD
added 2021/09/15 12:0 a.m. · 21 views

Adobe Framemaker out-of-bounds read vulnerability

Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents. An out-of-bounds read vulnerability exists in Adobe Framemaker 2019 Update 8, 2020 Release Update 2 and earlier versions. An attacker could exploit this vulnerabilit...

CVSS 4.3 · AI score 4 · EPSS 0.01453
Exploits: 0 · References: 1

CNVD
added 2021/07/14 12:0 a.m. · 25 views

Adobe Framemaker out-of-bounds write vulnerability (CNVD-2021-55967)

Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents. An out-of-bounds write vulnerability exists in Adobe Framemaker. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 9.3 · AI score 3.5 · EPSS 0.02323
Exploits: 0 · References: 1

OSV
added 2021/05/25 11:15 p.m. · 22 views

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVSS 9.8 · AI score 8
Exploits: 0 · References: 2

CVE
added 2021/05/25 10:52 p.m. · 103 views

CVE-2021-33575

The CVE affects the Pixar ruby-jss gem prior to 1.6.0. Affected component is ruby-jss which processes XML via the Plist gem, whose documented behavior uses Marshal.load, enabling remote code execution. Reported by multiple sources (Red Hat, OSV, NVD, Snyk, RubyGems advisories). Impact is rated hi...

CVSS 9.8 · AI score 9.8 · EPSS 0.02603
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2021/05/25 10:52 p.m. · 41 views

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

AI score 10 · EPSS 0.02603
Exploits: 0 · References: 2

OSV
added 2021/02/23 7:15 p.m. · 4 views

CVE-2020-28587

A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to...

CVSS 7.8 · AI score 7.5 · EPSS 0.00949
Exploits: 1 · References: 1

Tenable Nessus
added 2020/04/24 12:0 a.m. · 34 views

Amazon Linux 2 : xerces-c (ALAS-2020-1415)

The version of xerces-c installed on the remote host is prior to 3.1.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1415 advisory. A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that...

CVSS 8.1 · AI score 7.9 · EPSS 0.09503
Exploits: 0 · References: 3

CNVD
added 2020/03/10 12:0 a.m. · 1 views

WPS Office Campus Edition suffers from dll hijacking vulnerability

WPS Office Campus Edition is for campuses, teachers, students and other educational users, adding the team function of cloud documents, adding LaTeX formulas, geometric diagrams, mind maps and other professional drawing tools, combining with AI technology, adding thesis checking, super resume,...

AI score 7.1
Exploits: 0