Lucene search
K

3839 matches found

Prion
Prion
added 2017/08/11 7:29 p.m.22 views

Design/Logic Flaw

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution...

9.3CVSS8.9AI score0.07569EPSS
Exploits0References3Affected Software5
Cvelist
Cvelist
added 2017/08/11 7:0 p.m.20 views

CVE-2017-11257

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution...

9.4AI score0.08422EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/08/11 7:0 p.m.25 views

CVE-2017-11224

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution...

9.4AI score0.09204EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/08/11 7:0 p.m.25 views

CVE-2017-11256

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution...

9.5AI score0.07569EPSS
Exploits0References3
CVE
CVE
added 2017/08/11 7:0 p.m.72 views

CVE-2017-11257

Technical details for CVE-2017-11257 are not publicly available in the provided documents. Monitor for updates.

9.3CVSS9.2AI score0.08422EPSS
Exploits0References3Affected Software5
RedHat Linux
RedHat Linux
added 2017/08/10 11:20 p.m.7 views

Mozilla: Use-after-free with marquee during window resizing

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox...

9.8CVSS7.3AI score0.02677EPSS
Exploits1References5
CNVD
CNVD
added 2017/08/10 12:0 a.m.2 views

Sandstorm Cap'n Proto Integer Overflow Vulnerability

Cap'n Proto is an extremely fast data exchange format and capability-based RPC system. An integer overflow vulnerability in layout.c++ in Sandstorm Cap'n Proto allows remote peers to cause a denial of service or obtain sensitive information from memory via specially crafted messages...

9.1CVSS7.1AI score0.01803EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/08/10 12:0 a.m.24 views

CVE-2017-7801

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox...

9.8CVSS7.1AI score0.02677EPSS
Exploits1References3
OSV
OSV
added 2017/08/10 12:0 a.m.2 views

UBUNTU-CVE-2017-7801

A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox...

9.8CVSS7.2AI score0.02677EPSS
Exploits1References4
OSV
OSV
added 2017/08/09 6:29 p.m.3 views

UBUNTU-CVE-2015-2310

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation...

9.1CVSS7.4AI score0.01803EPSS
Exploits0References3
OSV
OSV
added 2017/08/08 3:29 p.m.4 views

CVE-2017-10024

Vulnerability in the BI Publisher component of Oracle Fusion Middleware subcomponent: Layout Tools. The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks...

8.2CVSS7.3AI score0.01929EPSS
Exploits0References3
CVE
CVE
added 2017/08/08 3:0 p.m.64 views

CVE-2017-10024

CVE-2017-10024 affects Oracle Fusion Middleware BI Publisher (subcomponent Layout Tools), specifically BI Publisher 11.1.1.7.0. The vulnerability—addressed in the Oracle July 2017 CPU—allows an unauthenticated attacker with network access via HTTP to compromise BI Publisher, with potential unauth...

8.2CVSS7.7AI score0.01929EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2017/08/08 7:0 a.m.24 views

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability for Microsoft Edge exists as a result of how strings are validated in specific scenarios, which can allow an attacker to read sensitive data from memory and thereby potentially bypass Address Space Layout Randomization ASLR. By itself, this vulnerability do...

4.3CVSS6AI score0.05501EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2017/08/08 12:0 a.m.4 views

Adobe Acrobat and Reader Use After Free (APSB17-24: CVE-2017-11256)

A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how Adobe processes XFA layout. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file with Adobe Reader...

9.3CVSS8.8AI score0.07569EPSS
Exploits0
Mozilla
Mozilla
added 2017/08/08 12:0 a.m.521 views

Security vulnerabilities fixed in Firefox ESR 52.3 — Mozilla

The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. A use-after-free vulnerability can occur in...

9.8CVSS9.7AI score0.04187EPSS
Exploits7References17Affected Software1
Check Point Advisories
Check Point Advisories
added 2017/08/08 12:0 a.m.6 views

Adobe Acrobat and Reader Type Confusion (APSB17-24: CVE-2017-11257)

A type confusion overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how Adobe processes XFA layout. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...

9.3CVSS8.8AI score0.08422EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2017/08/01 2:22 p.m.3 views

kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand

It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service...

7.8CVSS7.2AI score0.08665EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/08/01 2:13 p.m.4 views

kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand

It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service...

7.8CVSS7.2AI score0.08665EPSS
Exploits0References4
OSV
OSV
added 2017/07/20 4:29 a.m.1 views

DEBIAN-CVE-2017-11472

The acpinsterminate function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kernel throug...

7.1CVSS6AI score0.00373EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/20 12:0 a.m.5 views

Unspecified Vulnerability in Oracle Fusion Middleware BI Publisher (CNVD-2017-17499)

Oracle Fusion Middleware is a comprehensive middleware product family consisting of SOA and middleware products.BI Publisher is one of the reporting components. Oracle BI Publisher version 11.1.1.7.0 contains a security vulnerability in the implementation of the Layout Tools component, which can ...

8.2CVSS6.8AI score0.01929EPSS
Exploits0References1
Rows per page
Query Builder