Lucene search
K

207 matches found

Prion
Prion
added 2021/02/04 7:15 a.m.14 views

Integer overflow

An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation...

6.8CVSS7.9AI score0.72559EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2021/01/18 12:0 a.m.21 views

Huawei EMUI Heap Overflow Vulnerability

Huawei Emui is an Android-based mobile operating system developed by Huawei of China. Huawei EMUI is vulnerable to a heap overflow vulnerability, which can be exploited by remote attackers to submit special ad hoc requests that can perform denial-of-service attacks or execute arbitrary code in...

9.8CVSS6.6AI score0.01292EPSS
Exploits0References1
Mageia
Mageia
added 2021/01/08 3:34 p.m.38 views

Updated squirrelmail packages fix security vulnerabilities

XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of for example a NOEMBED,...

6.1CVSS0.6AI score0.01819EPSS
Exploits2References3
CNVD
CNVD
added 2020/12/15 12:0 a.m.1 views

Foxit Reader Type Obfuscation Vulnerability (CNVD-2021-04407)

Foxit Reader is a PDF document reader. A type confusion vulnerability exists in Foxit Reader, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the application or execute arbitrary code in the application context...

8.8CVSS7.7AI score0.02869EPSS
Exploits1References1
Veracode
Veracode
added 2020/12/11 9:26 a.m.22 views

Cross-Site Scripting (XSS)

SquirrelMail is vulnerable to cross-site scripting. The vulnerability is possible through bypassing the buit-in sanitization due to improper handling of RCDATA and RAWTEXT type elements. An attacker may execute malicious script content from HTML e-mail within the application context...

6.1CVSS1.2AI score0.01819EPSS
Exploits2References6Affected Software1
CNVD
CNVD
added 2020/10/12 12:0 a.m.3 views

D-Link DAP-136 IP Parameter Command Execution Vulnerability

The D-Link DAP-136 is a wireless network signal extender. The D-Link DAP-136 suffers from a security vulnerability in the handling of IP parameters, which allows remote attackers to exploit the vulnerability by submitting a special request that can be used in an application context to execute...

9CVSS7AI score0.04791EPSS
Exploits1References1
CNVD
CNVD
added 2020/09/21 12:0 a.m.2 views

IBM Spectrum Protect Plus Directory Traversal Vulnerability

IBM Spectrum Protect Plus is a data protection platform. A directory traversal vulnerability exists in IBM Spectrum Protect Plus, which can be exploited by a remote attacker to submit a special request to read system files in an application context...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2020/03/20 12:0 a.m.1 views

Code Execution Vulnerability in Foxit Reader U3D Plug-in

Foxit Software Incorporated Foxit Software is a provider of product technology and solutions that cover the document lifecycle, including document generation, conversion, display, editing, searching, printing, storage, signing, forms, protection, and secure distribution management. A code executi...

7.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2020/03/05 12:0 a.m.3 views

Electronic Arts Origin Client Remote Code Injection (CVE-2019-11354)

A template injection vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper validation of data in the title parameter. Successful exploitation could result in command execution on the target machine in the context of the application...

6.8CVSS7.9AI score0.23129EPSS
Exploits7
Prion
Prion
added 2019/12/26 4:15 p.m.19 views

Input validation

a-blog cms versions prior to Ver.2.10.23 Ver.2.10.x, Ver.2.9.26 Ver.2.9.x, and Ver.2.8.64 Ver.2.8.x allows arbitrary scripts to be executed in the context of the application due to unspecified vectors...

4.3CVSS6.2AI score0.00655EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/12/26 3:16 p.m.19 views

CVE-2019-6034

a-blog cms versions prior to Ver.2.10.23 Ver.2.10.x, Ver.2.9.26 Ver.2.9.x, and Ver.2.8.64 Ver.2.8.x allows arbitrary scripts to be executed in the context of the application due to unspecified vectors...

6.2AI score0.00655EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2019/11/26 12:0 a.m.4 views

Cisco Webex Teams code Injection (CVE-2019-1636)

A remote code execution vulnerability exists in Cisco Webex Teams. The vulnerability is due to improper sanitation of user-supplied data which may be passed to the application as an option regarding the DLL loading path. Successful exploitation could result in code execution on the target machine...

9.3CVSS8.1AI score0.46891EPSS
Exploits3
NVD
NVD
added 2019/10/31 9:15 p.m.37 views

CVE-2018-3983

An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this...

8.8CVSS8AI score0.01458EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2019/08/13 8:54 a.m.2 views

Let Experts Do Their Job – Managed WAF by Indusface

WAF Web Application Firewall has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF ...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.32 views

Debian DLA-1868-1 : squirrelmail security update

A XSS vulnerability was discovered in SquirrelMail. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mails can be executed within the application context via crafted use of for example a NOEMBED...

6.1CVSS6.1AI score0.01819EPSS
Exploits2References3
NVD
NVD
added 2018/10/01 8:29 p.m.28 views

CVE-2018-3982

An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an...

8.8CVSS8AI score0.0128EPSS
Exploits1References1
OSV
OSV
added 2018/08/22 5:29 p.m.1 views

CVE-2018-5235

Norton Utilities prior to 16.0.3.44 may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will...

6CVSS5.8AI score0.00385EPSS
Exploits0References2
NVD
NVD
added 2018/04/24 7:29 p.m.15 views

CVE-2017-2902

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application...

8.8CVSS8.1AI score0.01866EPSS
Exploits1References3
NVD
NVD
added 2018/04/24 7:29 p.m.12 views

CVE-2017-2905

An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application...

8.8CVSS8.1AI score0.01866EPSS
Exploits1References3
OSV
OSV
added 2018/04/24 7:29 p.m.17 views

CVE-2017-2905

An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application...

7.8CVSS8.2AI score
Exploits0References3
Rows per page
Query Builder