8434 matches found

Zero Day Initiative
added 2018/04/20 12:0 a.m. | 22 views

Foxit Reader Annotation author Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

6.8 CVSS | 4.6 AI score | 0.02773 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2018/04/20 12:0 a.m. | 22 views

Foxit Reader Field rect Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the...

6.8 CVSS | 4.6 AI score | 0.02773 EPSS
Exploits 0 | References 1

OSV
added 2018/04/13 4:29 p.m. | 3 views

UBUNTU-CVE-2017-0366

MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw that allows evading the SVG filter using default attribute values in a DTD declaration...

5.4 CVSS | 6.8 AI score | 0.01342 EPSS
Exploits 1 | References 3

OSV
added 2018/04/12 9:29 p.m. | 1 view

CVE-2018-5254

Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message...

7.5 CVSS | 5.8 AI score | 0.01256 EPSS
Exploits 0 | References 1

CNVD
added 2018/04/12 12:0 a.m. | 4 views

Spring Data Commons Remote Code Execution Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data; Spring Data Commons is a shared base module. A remote code execution vulnerability exists in Spring Data Commons. The vulnerability is due to the Spring Data Commons module using SpEL expression...

9.8 CVSS | 8.5 AI score | 0.95649 EPSS
Exploits 9 | References 1

CNVD
added 2018/04/12 12:0 a.m. | 2 views

Spring Data Commons Denial of Service Vulnerability

Spring Data is a project module in the Spring Framework that provides access to the underlying data; Spring Data Commons is a shared base module. A denial of service vulnerability exists in Spring Data Commons. Because the Spring Data Commons module does not limit resource allocation when parsi...

7.5 CVSS | 6.7 AI score | 0.01969 EPSS
Exploits 0 | References 1

RedHat Linux
added 2018/04/10 12:0 a.m. | 2 views

tcpdump: Buffer over-read in print-bgp.c:bgp_attr_print() in BGP parser

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print...

9.8 CVSS | 7.6 AI score | 0.02389 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/04/10 12:0 a.m. | 13 views

tcpdump: Buffer over-read in print-bgp.c:bgp_attr_print() in BGP parser

The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print...

9.8 CVSS | 7.6 AI score | 0.02527 EPSS
Exploits 0 | References 4

RedHat Linux
added 2018/04/10 12:0 a.m. | 51 views

tcpdump: Buffer over-read in print-radius.c:print_attr_string() in RADIUS parser

The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in print-radius.c:print_attr_string...

9.8 CVSS | 7.6 AI score | 0.03241 EPSS
Exploits 0 | References 4

Amazon
added 2018/04/05 12:0 a.m. | 67 views

Low: ruby

Issue Overview: Command injection in lib/resolv.rb:lazy_initialize allows arbitrary code execution: The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. CVE-2017-17790...

9.8 CVSS | 8.9 AI score | 0.05913 EPSS
Exploits 1

CVE
added 2018/03/30 9:0 p.m. | 53 views

CVE-2017-9693

CVE-2017-9693 describes a local vulnerability in Android for MSM, Firefox OS for MSM, and QRD Android where the length of the STA_EXT_CAPABILITY attribute value is shorter than StaParams.extn_capability, causing a memcpy from params->ext_capab to StaParams.extn_capability to read extra bytes. ...

5.5 CVSS | 5.7 AI score | 0.00192 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2018/03/30 9:0 p.m. | 16 views

CVE-2017-9693

The length of attribute value for STA_EXT_CAPABILITY in wlanhddchangestation in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual length of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to...

5.9 AI score | 0.00192 EPSS
Exploits 0 | References 3

OSV
added 2018/03/30 7:29 p.m. | 0 views

UBUNTU-CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

7.5 CVSS | 7.1 AI score | 0.0152 EPSS
Exploits 0 | References 4

ATTACKERKB
added 2018/03/30 8:29 a.m. | 2 views

CVE-2018-9140

On Samsung mobile devices with M6.0 software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747...

6.1 CVSS | 5.5 AI score | 0.00647 EPSS
Exploits 0 | References 2

OSV
added 2018/03/30 8:29 a.m. | 3 views

CVE-2018-9140

On Samsung mobile devices with M6.0 software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747...

6.1 CVSS | 5.9 AI score | 0.00647 EPSS
Exploits 0 | References 1

Kitploit
added 2018/03/28 8:14 p.m. | 38 views

Envizon - Network Visualization Tool With Focus On Red / Blue Team Requirements

This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, 'envizon'. We hope your feedback will help to improve and hone i...

6.9 AI score
Exploits 0 | References 3

CNVD
added 2018/03/27 12:0 a.m. | 2 views

MISP has an unspecified vulnerability

MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats, cybersecurity event analysis and malware analysis. A security vulnerability exists in the app/Model/Attribute.php file in MISP. An attacker could exploit the...

5.5 CVSS | 6.8 AI score | 0.00765 EPSS
Exploits 0 | References 1

OSV
added 2018/03/25 7:29 p.m. | 3 views

CVE-2018-8978

Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI...

5.4 CVSS | 5.8 AI score | 0.00545 EPSS
Exploits 1 | References 1

ATTACKERKB
added 2018/03/25 7:29 p.m. | 2 views

CVE-2018-8978

Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI...

5.4 CVSS | 5.3 AI score | 0.00545 EPSS
Exploits 1 | References 2

NVD
added 2018/03/25 7:29 p.m. | 13 views

CVE-2018-8978

Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI...

5.4 CVSS | 5.2 AI score | 0.00545 EPSS
Exploits 1 | References 1