Adobe Acrobat/Reader Memory Corruption Vulnerability (CNVD-2017-21194)

Adobe Reader/Acrobat is a popular application for working with PDF files. A memory corruption vulnerability exists in Adobe Reader/Acrobat. Allowing an attacker to construct a malicious PDF file and trick the user into parsing it could crash the application or execute arbitrary code...

Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Candy Chat Cross-Site Scripting Vulnerability

Candy Chat is an open source multi-user chat software based on the XMPP protocol. A cross-site scripting vulnerability exists in Candy Chat. A remote attacker can exploit this vulnerability to execute code on a page via message senders...

PT-2017-12: Buffer Overflow in Intel Management Engine

The specialists of the Positive Research center have detected a Buffer Overflow vulnerability in Intel Management Engine. Multiple buffer overflows in Intel Manageability Engine Firmware, Server Platform Services Firmware, and Trusted Execution Engine Firmware allow attackers with local access to...

DotNetNuke Remote Code Execution Vulnerability

DotNetNuke DNN is a set of U.S. DNN company supported by Microsoft , based on the ASP.NET platform for open source content management system CMS. The system is easy to install , scalable , feature-rich and so on. A security vulnerability exists in versions of DotNetNuke prior to 9.1.1. A remote...

EUVD-2017-15791

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...

Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2017-16984)

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Win32k is the 32-bit environment of its operating system. An elevation of privilege vulnerability exists in Win32k in Microsoft Windows, which stems from a failure of the Graphics component to properl...

KLA11070 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper...

CVE-2017-9529

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x0000000000004efd."...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx+0x000000000000dcab."...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."...

Code injection

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."...

Stack overflow

XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, because of a "Stack Buffer Overrun" issue...

CVE-2017-9900

XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x000000000002e385."...

IBM DB2 Buffer Overflow Vulnerability (CNVD-2017-14908)

IBM DB2 Universal Database Server is a commercial relational database system. A buffer overflow vulnerability exists in IBM DB2. A local attacker could exploit this vulnerability to execute arbitrary code...

The vulnerabilities of VMware ESXi, VMware Fusion, VMware Fusion Pro, Vmware Workstation Player, and Vmware Workstation Pro allow attackers to execute arbitrary code.

The vulnerability of VMware ESXi, VMware Fusion, VMware Fusion Pro, Vmware Workstation Player, and Vmware Workstation Pro lies in buffer overflows in SVGA memory. Exploiting this vulnerability allows a local attacker to execute arbitrary code on the host system...

Microsoft Edge Memory Corruption Vulnerability (CNVD-2017-12108)

Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A memory corruption vulnerability exists in Microsoft Edge. A remote attacker can exploit this vulnerability to execute arbitrary code or cause a denial of servic...

Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Out-of-bounds

VMware Workstation 12.x prior to 12.5.3 and Horizon View Client 4.x prior to 4.4.0 contain multiple out-of-bounds read vulnerabilities in TrueType Font TTF parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs...