CVE-2021-31804

LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document...

CVE-2021-21797

An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lea...

libreoffice: Empty entry in Java class path

A flaw was found in LibreOffice. When an empty Java class path entry is configured, LibreOffice will search for Java classes in the current working directory, allowing malicious Java classes to load when opening a document using the file manager, resulting in arbitrary code execution...

SUSE CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

Description of the security update for SharePoint Enterprise Server 2016: January 11, 2022 (KB5002113)

Description of the security update for SharePoint Enterprise Server 2016: January 11, 2022 KB5002113 Summary This security update resolves a Microsoft Word remote code execution vulnerability, Microsoft Office remote code execution vulnerability, and Microsoft SharePoint Server remote code...

Double free

LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document...

CVE-2021-31804

LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document...

CVE-2018-4040

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

CVE-2018-3978

An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince ...

VMware Host Guest Client Redirector - DLL Side Loading (Metasploit)

require 'msf/core' class MetasploitModule 'DLL Side Loading Vulnerability in VMware Host Guest Client Redirector', 'Description' = %q A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim...

VMSA-2016-0010:VMware product updates address multiple HIGH security issues

VMSA-2016-0010.1 VMware product updates address multiple important security issues VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2016-0010.1 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware product updates address multiple security issue...