Adobe Framemaker out-of-bounds read vulnerability

Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents.An out-of-bounds read vulnerability exists in Adobe Framemaker 2019 Update 8, 2020 Release Update 2 and earlier versions. An attacker could exploit this vulnerabilit...

Adobe Framemaker out-of-bounds write vulnerability (CNVD-2021-55967)

Adobe FrameMaker is a document processing program used to write and edit large or complex documents, including structured documents.An out-of-bounds write vulnerability exists in Adobe Framemaker. An attacker could exploit this vulnerability to execute arbitrary code...

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVE-2021-33575

The CVE affects the Pixar ruby-jss gem prior to 1.6.0. Affected component is ruby-jss which processes XML via the Plist gem, whose documented behavior uses Marshal.load, enabling remote code execution. Reported by multiple sources (Red Hat, OSV, NVD, Snyk, RubyGems advisories). Impact is rated hi...

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVE-2020-28587

A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to...

Amazon Linux 2 : xerces-c (ALAS-2020-1415)

The version of xerces-c installed on the remote host is prior to 3.1.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1415 advisory. A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that...

WPS Office Campus Edition suffers from dll hijacking vulnerability

WPS Office Campus Edition is for campuses, teachers, students and other educational users, adding the team function of cloud documents, adding LaTeX formulas, geometric diagrams, mind maps and other professional drawing tools, combining with AI technology, adding thesis checking, super resume,...

Aspose Aspose.Words for C++ EnumMetaInfo Code Execution Vulnerability

Summary An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words for C++, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malforme...

CVE-2018-18064

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c the generate and renderrows functions and cairo-image-compositor.c the cairoimagespansandzero function...

SUSE SLED12 / SLES12 Security Update : ghostscript (SUSE-SU-2018:2975-1)

This update for ghostscript to version 9.25 fixes the following issues : These security issues were fixed : CVE-2018-17183: Remote attackers were be able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code bsc1109105 CVE-2018-15909: Prevent type confusio...

CVE-2018-14316

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Foxit Reader Circle Annotation borderEffectStyle Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Microsoft .NET Framework Multiple Vulnerabilities (KB4095874)

This host is missing a critical security update according to Microsoft Security Updates KB4095874. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Polaris Office 2017 suffers from a denial of service vulnerability (CNVD-2018-03857)

Polaris Office is an office software developed by INFRAWARE of Korea. You can view and edit Word documents, Excel tables, Microsoft Office PowerPoint slides and other commonly used office documents. Polaris office 2017 suffers from a denial of service vulnerability in the processing of doc...

Description of Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4054998)

Description of Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 KB 4054998 Notice This update is included in the February 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windo...

Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 (KB 4055002)

Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 KB 4055002 Notice As of January 18, 2018, update 4055002 applies only to Windows Server 2008 SP2. For more information about the January 2018 Security and Quality Rollup for .NET Framework 4.6, 4.6.1,...

Integer overflow

When opening a Hangul HShow Document .hpt and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking...

CVE-2016-4296

When opening a Hangul Hcell Document .cell and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore "" character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application wil...

CVE-2016-4291

When opening a Hangul HShow Document .hpt and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds...