Lucene search
K

73 matches found

CNVD
CNVD
added 2021/03/24 12:0 a.m.8 views

Foxit PhantomPDF Memory Corruption Vulnerability (CNVD-2021-26391)

Foxit PhantomPDF is China's Foxit Foxit company a PDF document reader. A memory corruption vulnerability exists in Foxit PhantomPDF when processing U3D objects in PDF files. The vulnerability stems from the program not properly validating user input. An attacker could exploit this vulnerability t...

7.8CVSS7.1AI score0.03304EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.37 views

Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)

The version of Adobe Bridge installed on the remote Windows host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing TTF files...

7.8CVSS8.2AI score0.03361EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.38 views

Adobe Bridge 11.x < 11.0.1 Multiple Vulnerabilities (APSB21-07)

The version of Adobe Bridge installed on the remote macOS or Mac OS X host is prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb21-07 advisory. - Adobe Bridge version 11.0 and earlier is affected by an out-of-bounds write vulnerability when parsing T...

7.8CVSS8.2AI score0.03361EPSS
Exploits0References3
NVD
NVD
added 2021/01/13 11:15 p.m.21 views

CVE-2021-21012

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the checkout module. Successful exploitation could lead to sensitive information disclosure...

5.3CVSS4.7AI score0.03951EPSS
Exploits0References1
Prion
Prion
added 2021/01/13 11:15 p.m.26 views

Design/Logic Flaw

Magento versions 2.4.1 and earlier, 2.4.0-p1 and earlier and 2.3.6 and earlier are vulnerable to an insecure direct object vulnerability IDOR in the customer API module. Successful exploitation could lead to sensitive information disclosure and update arbitrary information on another user's accou...

5.5CVSS7.4AI score0.03181EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/02/18 4:15 p.m.13 views

Design/Logic Flaw

dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a proto payload...

6.5CVSS6.2AI score0.01098EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/02/18 3:57 p.m.26 views

CVE-2019-10793

dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a proto payload...

6.2AI score0.01098EPSS
Exploits1References2
NVD
NVD
added 2019/01/16 5:29 a.m.22 views

CVE-2019-6446

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...

9.8CVSS9.4AI score0.17078EPSS
Exploits2References13
UbuntuCve
UbuntuCve
added 2019/01/16 5:29 a.m.38 views

CVE-2019-6446

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have...

9.8CVSS7.4AI score0.17078EPSS
Exploits2References1
OSV
OSV
added 2018/09/18 1:47 p.m.22 views

GHSA-FP82-2H99-3FPP Prototype Pollution in async merge-object

The utilities function in all versions of the merge-object node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...

9.8CVSS5.9AI score0.01428EPSS
Exploits1References2
CNVD
CNVD
added 2018/02/26 12:0 a.m.5 views

PHP Incomplete Fix for Remote Code Execution Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

9.8CVSS7.3AI score0.07753EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2017/04/12 11:44 a.m.6 views

flash-plugin: multiple code execution issues fixed in APSB17-10

Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution...

10CVSS7.7AI score0.09511EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2017/03/30 3:59 p.m.24 views

CVE-2014-9804

vision.c in ImageMagick allows remote attackers to cause a denial of service infinite loop via vectors related to "too many object."...

7.5CVSS6.9AI score0.0335EPSS
Exploits0References3
Debian
Debian
added 2015/10/12 5:20 p.m.48 views

[SECURITY] [DLA 325-1] linux-2.6 security update

Package : linux-2.6 Version : 2.6.32-48squeeze16 CVE ID : CVE-2015-2925 CVE-2015-5257 CVE-2015-7613 This update fixes the CVEs described below. CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that should be...

6.9CVSS6.8AI score0.01246EPSS
Exploits1
OSV
OSV
added 2013/09/27 10:8 a.m.5 views

CVE-2013-5942

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to 1 remotestorage.py, 2 storage.py, 3 render/datalib.py, and 4 whitelist/views.py, a different vulnerability than CVE-2013-5093...

7.3AI score
Exploits0References2
OSV
OSV
added 2013/09/27 10:8 a.m.26 views

PYSEC-2013-34

Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to 1 remotestorage.py, 2 storage.py, 3 render/datalib.py, and 4 whitelist/views.py, a different vulnerability than CVE-2013-5093...

6.8CVSS7.5AI score0.02106EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2012/11/13 12:0 a.m.14 views

Microsoft Internet Explorer CTreePos Use After Free (MS12-071; CVE-2012-1539)

A remote code execution vulnerability has been reported in Internet Explorer. The vulnerability is due an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a user to open a...

9.3CVSS7.1AI score0.2537EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/10/15 12:0 a.m.57 views

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1611-1)

Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Thunderbird. If a user were tricked into opening a malicious website and had JavaScript enabled, an attacker could exploit these to execute arbitrary JavaScript code within the...

10CVSS8.7AI score0.42609EPSS
Exploits8References27
Prion
Prion
added 2011/10/12 2:52 a.m.34 views

Remote code execution

Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."...

9.3CVSS8.6AI score0.18886EPSS
Exploits1References2Affected Software1
exploitpack
exploitpack
added 2010/12/22 12:0 a.m.11 views

Microsoft WMITools - ActiveX Remote Command Execution

Microsoft WMITools - ActiveX Remote Command Execution Exploit-DB Notes: Original credit goes to "牛奶坦克" via WooYun: http://www.wooyun.org/bugs/wooyun-2010-01006 //run calc.exe var shellcode =...

0.7AI score
Exploits0
Rows per page
Query Builder