Foxit Reader Link borderWidth Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Adobe Acrobat Pro DC U3D PCX Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC U3D IFF Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC U3D RGB Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

Adobe Acrobat Pro DC U3D TIFF Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC U3D GIF Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2016-9498 ManageEngine Applications Manager 12 and 13, allows unserialization of unsafe Java objects

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application...

Adobe Acrobat Pro DC ImageConversion XPS GSUB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within GSU...

Adobe Acrobat Pro DC WebLink rect Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

SSE-C Cryptographic Flaw

github.com/minio/minio is vulnerable to cryptographic flaws. The vulnerability exists as there is a weakness in the derived key-encryption-key for SSE-C encrypted objects. The vulnerability allows malicious users to replace objects that are encrypted with the same client key as it was not bound t...

Chrome V8 KeyAccumulator Bug

Chrome: V8: A bug with KeyAccumulator PoC: for let i = 0; i https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=a2ca1996873f3ffa79d9495fb2cf4e7c0e51d9e9&l=18369. The new table is directly used as the backing store of the result array of "Reflect.ownKeysarr". 2. The shift method invokes the...

typo3 -- multiple vulnerabilities

Typo3 core team reports: It has been discovered that TYPO3’s Salted Password system extension which is a mandatory system component is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords...

Microsoft Windows Denial of Service Vulnerability (CNVD-2018-15860)

Microsoft Windows 7, etc. are operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 7 is a set of operating systems for personal computers.Windows Server 2012 R2 is a set of server operating systems. A denial of service vulnerability exists in Microsoft Windows, which...

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

CVE-2018-8307

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

Security feature bypass

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server...

CVE-2018-8308

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1,...

Microsoft Windows Multiple Vulnerabilities (KB4338815)

This host is missing a critical security update according to Microsoft KB4338815 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft .NET Framework Multiple Vulnerabilities (KB4338420)

This host is missing an important security update according to Microsoft KB4338420. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Microsoft Edge Information Disclosure Vulnerability (CNVD-2018-12880)

Edge is Microsoft's browser for Windows 10. Microsoft Edge suffers from an information disclosure vulnerability. The vulnerability stems from Microsoft Edge failing to properly handle objects in memory. An attacker could exploit the vulnerability to obtain information that could further compromis...