
58 matches found

Prion
added 2020/11/05 8:15 p.m. | 17 views

Security feature bypass

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interactio...

CVSS 5.8 | AI score 5.4 | EPSS 0.00313
Exploits: 0 | References: 1 | Affected Software: 4
Tenable Nessus
added 2020/11/05 12:0 a.m. | 74 views

Adobe Acrobat < 2017.011.30180 / 2020.001.30010 / 2020.013.20064 Multiple Vulnerabilities (APSB20-67) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2017.011.30180, 2020.001.30010, or 2020.013.20064. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 a...

CVSS 9.3 | AI score 7.8 | EPSS 0.21322
Exploits: 0 | References: 15
Tenable Nessus
added 2020/11/05 12:0 a.m. | 86 views

Adobe Reader < 2017.011.30180 / 2020.001.30010 / 2020.013.20064 Multiple Vulnerabilities (APSB20-67)

The version of Adobe Reader installed on the remote Windows host is a version prior to 2017.011.30180, 2020.001.30010, or 2020.013.20064. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175...

CVSS 9.3 | AI score 7.8 | EPSS 0.21322
Exploits: 0 | References: 15
Prion
added 2019/12/12 1:15 a.m. | 84 views

Code injection

OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd which are setuid root, _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the...

CVSS 7.2 | AI score 7.6 | EPSS 0.0938
Exploits: 12 | References: 9 | Affected Software: 1
OSV
added 2019/04/03 6:29 p.m. | 1 views

CVE-2018-4420

A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 4
Prion
added 2018/10/31 6:29 p.m. | 27 views

Heap overflow

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...

CVSS 7.5 | AI score 9.2 | EPSS 0.0029
Exploits: 0 | References: 6 | Affected Software: 2
UbuntuCve
added 2018/10/31 12:0 a.m. | 28 views

CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the Curl_close function, the library code first frees a struct without nulling the pointer and might then subsequently...

CVSS 9.8 | AI score 6.8 | EPSS 0.0029
Exploits: 0 | References: 3
The Hacker News
added 2017/11/07 7:38 p.m. | 9 views

Oh, Crap! Someone Accidentally Triggered A Flaw That Locked Up $280 Million In Ethereum

Horrible news for some Ethereum users. About $300 million worth of Ether—the cryptocurrency unit that has become one of the most popular and increasingly valuable cryptocurrencies—from dozens of Ethereum wallets was permanently locked up today. Smart contract coding startup Parity Technologies,...

AI score 7.1
Exploits: 0
OSV
added 2017/07/08 5:29 p.m. | 25 views

CVE-2017-11113

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2
AlpineLinux
added 2017/07/08 5:0 p.m. | 44 views

CVE-2017-11113

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data...

CVSS 7.5 | AI score 7.4 | EPSS 0.00432
Exploits: 1
myhack58
added 2014/09/30 12:0 a.m. | 13 views

CVE-2014-6287 analysis report - vulnerability warning - the black bar safety net

0x00 is written on the front In the cloud zone, see the HFS 2.3 x Remote command executioncatch the chicken hack doom of the article, just before analysis of binary vulnerabilities, this command injection vulnerability, or the first analysis, from the Internet under the HFS 2.3.279 this version u...

AI score 0.4
Exploits: 0
Debian
added 2014/07/31 11:24 a.m. | 21 views

[DLA 24-1] poppler security update

Package : poppler Version : 0.12.4-1.2+squeeze4 CVE ID : CVE-2010-5110 Debian Bug : 722705 It was discovered that poppler did return program execution to the libjpeg library under error conditions, which is not expected by the library and results in application crash and possibly code execution...

CVSS 4.3 | AI score 7.3 | EPSS 0.00777
Exploits: 1
Tenable Nessus
added 2010/05/11 12:0 a.m. | 53 views

RHEL 5 : openldap (RHSA-2010:0198)

Updated openldap packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 4.3 | AI score 5.8 | EPSS 0.022
Exploits: 1 | References: 3
Tenable Nessus
added 2009/04/23 12:0 a.m. | 36 views

FreeBSD : krb5 -- double-free vulnerabilities (86a98b57-fb8e-11d8-9343-000a95bc6fae)

An advisory published by the MIT Kerberos team says : The MIT Kerberos 5 implementation's Key Distribution Center KDC program contains a double-free vulnerability that potentially allows a remote attacker to execute arbitrary code. Compromise of a KDC host compromises the security of the entire...

CVSS 9.8 | AI score 9 | EPSS 0.26758
Exploits: 0 | References: 5
NVD
added 2008/04/04 12:44 a.m. | 8 views

CVE-2007-5661

The Macrovision InstallShield InstallScript One-Click Install OCI ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine...

CVSS 9.3 | AI score 6.9 | EPSS 0.01868
Exploits: 1 | References: 7
OpenVAS
added 2008/01/17 12:0 a.m. | 30 views

Debian Security Advisory DSA 1276-1 (krb5)

The remote host is missing an update to krb5 announced via advisory DSA 1276-1. Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common...

CVSS 9 | AI score 0.9 | EPSS 0.26118
Exploits: 2
Tenable Nessus
added 2007/04/10 12:0 a.m. | 36 views

Debian DSA-1276-1 : krb5 - several vulnerabilities

Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0956 It...

CVSS 10 | AI score 9 | EPSS 0.26118
Exploits: 2 | References: 7
securityvulns
added 2007/02/25 12:0 a.m. | 64 views

iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability

Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability iDefense Security Advisory 02.23.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 23, 2007 I. BACKGROUND Network Security Services NSS is a set of libraries designed to support cross-platform development o...

CVSS 6.8 | AI score 0.4 | EPSS 0.17415
Exploits: 0