Lucene search
K

6339 matches found

NVD
NVD
added 2017/07/12 5:29 p.m.24 views

CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

8.8CVSS8.2AI score0.01977EPSS
Exploits1References2
OSV
OSV
added 2017/07/12 5:29 p.m.4 views

DEBIAN-CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

8.8CVSS7.3AI score0.01977EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/07/12 5:0 p.m.33 views

CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

7.5CVSS8.7AI score0.01977EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2017/07/12 12:49 p.m.30 views

CVE-2017-2818

An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger th...

8.8CVSS8.5AI score0.01977EPSS
Exploits1References2
CVE
CVE
added 2017/07/11 5:0 p.m.32 views

CVE-2017-7727

The connected sources identify CVE-2017-7727 as a Server-Side Request Forgery affecting the iSmartAlarm Backend. The vulnerability arises from an API endpoint that does not validate injection, enabling an attacker to use the backend as a proxy to perform SSRF/open redirection. Affected software i...

6.8AI score
Exploits2
ThreatPost
ThreatPost
added 2017/07/11 4:55 p.m.16 views

Telegram-Controlled Hacking Tool Targets SQL Injection at Scale

A black market hacking tool has the potential to rapidly conduct website scans for SQL injection vulnerabilities at a large scale, all managed from a smartphone through the Telegram messenger. The Katyusha Scanner is a relative newcomer available to black hats that surfaced in early April. It’s a...

0.7AI score
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2017/07/11 7:0 a.m.27 views

Windows Explorer Denial of Service Vulnerability

An Denial Of Service vulnerability exists when Windows Explorer attempts to open a non-existent file. An attacker who successfully exploited this vulnerability could cause a denial of service. A attacker could exploit this vulnerability by hosting a specially crafted web site and convince a user ...

6.5CVSS3AI score0.05945EPSS
Exploits0
Prion
Prion
added 2017/07/07 12:29 a.m.11 views

Authorization

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other...

4CVSS6.4AI score0.01693EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/07/07 12:29 a.m.20 views

CVE-2017-4999

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other...

6.5CVSS6.5AI score0.01693EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/07/07 12:0 a.m.24 views

CVE-2017-4999

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other...

7.5AI score0.01693EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2017/06/29 10:39 p.m.9 views

Windows 10 to Get Built-in Protection Against Most Ransomware Attacks

Ransomware Ransomware Everywhere Not a Single Place to Hide! But, Microsoft has a simple solution to this problem to protect millions of its users against most ransomware attacks. Two massive ransomware attacks — WannaCry and Petya also known as NotPetya — in a month have caused chaos and...

6.4AI score
Exploits0
Mageia
Mageia
added 2017/06/26 9:37 p.m.59 views

Updated kernel-linus packages fixes critical security vulnerabilities

This kernel-linus update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitfioctl function in net/ipx/afipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have...

7.8CVSS4.1AI score0.05186EPSS
Exploits10References9
OSV
OSV
added 2017/06/26 9:29 p.m.5 views

CVE-2017-6325

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an...

6.6CVSS6.4AI score0.02503EPSS
Exploits0References3
Veracode
Veracode
added 2017/06/22 3:33 a.m.13 views

Cross-site Scripting (XSS)

github.com/gogits/gogs is vulnerable to cross-site scripting XSS attacks. The attacks can be triggered because a user can change their username to anything other than an empty string. This allows them to enter code which may be executed...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/06/22 12:0 a.m.221 views

RHEL 5 : kernel (RHSA-2017:1482)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:1482 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw was found in the way memory was...

7.8CVSS7.3AI score0.05186EPSS
Exploits8References6
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.26 views

Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20170619) (Stack Clash)

Security Fixes : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap or different memory region and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory...

7.8CVSS7.1AI score0.02733EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 2017/06/20 12:0 a.m.60 views

RHEL 5 / 6 / 7 : glibc (RHSA-2017:1479)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1479 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name servi...

7.8CVSS7AI score0.02733EPSS
Exploits14References5
RedHat Linux
RedHat Linux
added 2017/06/19 6:59 p.m.81 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS7AI score0.05186EPSS
Exploits8References3
ThreatPost
ThreatPost
added 2017/05/24 11:10 a.m.14 views

Malware Network Communication Provides Better Early Warning Signal

Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better...

7.2AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/05/12 7:29 a.m.25 views

CVE-2017-8911

An integer underflow has been identified in the unicodetoutf8 function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker...

9.8CVSS7AI score0.01934EPSS
Exploits0References1
Rows per page
Query Builder