5254 matches found

Zero Day Initiative
added 2018/04/20 12:0 a.m. | 21 views

Foxit Reader XFA field Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of fiel...

CVSS 6.8 | AI score 5 | EPSS 0.02773
Exploits 0 | References 1

Zero Day Initiative
added 2018/04/19 12:0 a.m. | 28 views

Microsoft Edge CSS Custom Property Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 2.6 | AI score 0.4 | EPSS 0.0478
Exploits 0 | References 1

BDU FSTEC
added 2018/04/19 12:0 a.m. | 8 views

The vulnerability of the Media Streaming add-on, which handles the transmission of multimedia files, arises from the failure to eliminate special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the Media Streaming add-on relates to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands with root privileges remotely...

CVSS 10 | AI score 5.9 | EPSS 0.02331
Exploits 0 | References 2 | Affected Software 1

OSV
added 2018/04/18 12:29 a.m. | 2 views

CVE-2018-10193

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...

CVSS 7.5 | AI score 5.8 | EPSS 0.04834
Exploits 1 | References 3

NVD
added 2018/04/18 12:29 a.m. | 21 views

CVE-2018-10193

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...

CVSS 7.5 | AI score 7.4 | EPSS 0.04834
Exploits 1 | References 3

OSV
added 2018/04/11 1:29 p.m. | 35 views

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVSS 9.8 | AI score 10 | EPSS 0.95649
Exploits 9 | References 4

NVD
added 2018/04/11 1:29 p.m. | 28 views

CVE-2018-1273

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user or attacker can supply specially crafted request parameters...

CVSS 9.8 | AI score 9.8 | EPSS 0.95649
Exploits 9 | References 4

RedHat Linux
added 2018/04/10 12:0 a.m. | 6 views

tcpdump: Buffer over-read in print-802_11.c:parse_elements() in IEEE 802.11 parser

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements...

CVSS 9.8 | AI score 7.6 | EPSS 0.03354
Exploits 0 | References 4

OSV
added 2018/04/03 6:29 a.m. | 2 views

CVE-2017-2493

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain...

CVSS 6.5 | AI score 7.3 | EPSS 0.0148
Exploits 2 | References 4

Zero Day Initiative
added 2018/03/26 12:0 a.m. | 29 views

Microsoft Edge Select Element Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.8 | AI score 1.9 | EPSS 0.05605
Exploits 0 | References 1

Zero Day Initiative
added 2018/03/23 12:0 a.m. | 26 views

Microsoft Edge CSS var Function Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3 | AI score 0.5 | EPSS 0.0478
Exploits 0 | References 1

Zero Day Initiative
added 2018/03/19 12:0 a.m. | 22 views

Microsoft Edge CQuotes Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3 | AI score 0.2 | EPSS 0.0478
Exploits 0 | References 1

OSV
added 2018/03/14 12:0 a.m. | 1 views

UBUNTU-CVE-2018-5128

A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox 59...

CVSS 9.8 | AI score 7.3 | EPSS 0.0184
Exploits 0 | References 4

BDU FSTEC
added 2018/02/15 12:0 a.m. | 5 views

The vulnerability of the Mercurial version control software lies in its inability to properly handle special elements used in the operating system’s command line. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Mercurial version control software is related to the lack of measures to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created Git subrepository...

CVSS 10 | AI score 7.6 | EPSS 0.06331
Exploits 0 | References 5 | Affected Software 3

Tenable Nessus
added 2018/02/12 12:0 a.m. | 25 views

FreeBSD : mpv -- arbitrary code execution via crafted website (3ee6e521-0d32-11e8-99b0-d017c2987f9a)

mpv developers report: mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted website, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...

CVSS 8.8 | AI score 8.2 | EPSS 0.02642
Exploits 1 | References 3

Tenable Nessus
added 2018/02/06 12:0 a.m. | 31 views

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0361-1)

This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed : - CVE-2018-5091: Use-after-free with DTMF timers bsc1077291. - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free whi...

CVSS 9.8 | AI score 7.5 | EPSS 0.07262
Exploits 0 | References 24

RedHat Linux
added 2018/02/01 11:28 a.m. | 3 views

Mozilla: Use-after-free while manipulating form input elements (MFSA 2018-03)

A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firefox 58...

CVSS 9.8 | AI score 7.3 | EPSS 0.03111
Exploits 0 | References 5

RedHat Linux
added 2018/02/01 11:28 a.m. | 2 views

Mozilla: Use-after-free while editing form elements (MFSA 2018-03)

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

CVSS 9.8 | AI score 7.4 | EPSS 0.02997
Exploits 0 | References 5

BDU FSTEC
added 2018/02/01 12:0 a.m. | 6 views

The vulnerability of the microprogrammed software of the Digizo ShAirDisk PTW-WMS1, caused by the failure to implement measures to neutralize special elements, allows an intruder to execute arbitrary commands of the operating system.

The vulnerability of the microprogrammed wireless mobile disk storage device Digizo ShAirDisk PTW-WMS1 arises due to the lack of measures to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 5.9 | EPSS 0.02277
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2018/02/01 12:0 a.m. | 4 views

The vulnerability of the Zivif PR115-204-P-RS webcam’s microprogramming software is related to the lack of measures taken to neutralize special elements, allowing intruders to execute arbitrary commands.

The vulnerability of the Zivif PR115-204-P-RS webcam microprogramming software is related to the lack of measures taken to neutralize the special elements used in the command string. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using CGI scripts. An example...

CVSS 10 | AI score 8.2 | EPSS 0.84558
Exploits 8 | References 4 | Affected Software 1