Lucene search
K

34 matches found

Talos Blog
Talos Blog
added 2019/08/30 6:0 a.m.218 views

Vulnerability Spotlight: Multiple vulnerabilities in Aspose APIs

Marcin Noga of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered multiple remote code execution vulnerabilities in various Aspose APIs. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in AP...

6.8CVSS0.9AI score0.03282EPSS
Exploits1
NVD
NVD
added 2019/07/21 7:15 p.m.22 views

CVE-2019-14214

An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to a JavaScript Denial of Service when deleting pages in a document that contains only one page by calling a "t.hidden = true" function...

7.5CVSS7.4AI score0.01597EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/02/14 12:0 a.m.158 views

Microsoft Windows Multiple Vulnerabilities (KB4074598)

This host is missing a critical security update according to Microsoft KB4074598 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.8AI score0.53715EPSS
Exploits7References1
RedHat Linux
RedHat Linux
added 2018/02/01 11:28 a.m.8 views

Mozilla: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

9.8CVSS7.3AI score0.07262EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/01/24 10:5 a.m.6 views

Mozilla: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

9.8CVSS7.3AI score0.07262EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2017/04/27 12:0 a.m.8 views

Vulnerability of programs for viewing and editing PDF files: Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow a perpetrator to execute arbitrary code.

The vulnerability of the manipulation function for PDF files viewed and edited by Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat is due to an operation going beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to execu...

9.3CVSS8AI score0.03362EPSS
Exploits0References3Affected Software2
Zero Day Initiative
Zero Day Initiative
added 2014/10/14 12:0 a.m.39 views

Microsoft Internet Explorer CAnchorElement Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS6.3AI score0.22848EPSS
Exploits0References1
Prion
Prion
added 2014/07/07 11:1 a.m.23 views

Input validation

RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...

4.9CVSS6.4AI score0.04266EPSS
Exploits5References7Affected Software1
Cvelist
Cvelist
added 2014/07/07 10:0 a.m.23 views

CVE-2014-0868

RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...

5.8AI score0.04266EPSS
Exploits5References7
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.28 views

Microsoft Internet Explorer CElement Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS6.3AI score0.24212EPSS
Exploits0References1
NVD
NVD
added 2013/10/10 10:55 a.m.20 views

CVE-2013-0577

The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to bypass intended access restrictions and create, modify, or delete documents or scripts via unspecified vectors...

5.2CVSS5.8AI score0.00561EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2013/06/27 12:0 a.m.24 views

Microsoft Internet Explorer CHtmTagStm Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS2.6AI score0.19345EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/10/30 12:0 a.m.39 views

openSUSE 10 Security Update : seamonkey (seamonkey-6538)

seamonkey was updated to version 1.1.18, fixing various security issues : MFSA 2009-43 / CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run...

9.3CVSS8.5AI score0.09282EPSS
Exploits12References12
Zero Day Initiative
Zero Day Initiative
added 2009/06/10 12:0 a.m.28 views

Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeated calls are made to...

9.3CVSS2.5AI score0.35074EPSS
Exploits1References1
Rows per page
Query Builder