Lucene search
+L

145 matches found

CVE
CVE
added 2019/09/27 5:16 p.m.237 views

CVE-2019-11747

CVE-2019-11747 affects Mozilla Firefox and Firefox ESR. The vulnerability stems from a bug in the History pane’s “Forget about this site” feature which, while intended to delete site-visit data, also removes HSTS settings for sites on the pre-load list. As a result, on the next visit, if a user u...

6.5CVSS6.8AI score0.01195EPSS
Exploits0References5Affected Software2
RedhatCVE
RedhatCVE
added 2019/09/04 1:22 a.m.27 views

CVE-2019-11747

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security HSTS settings received from sites that use it. Due to a bug, sites on the pre-load list also have...

6.5CVSS0.1AI score0.01195EPSS
Exploits0References4
NVD
NVD
added 2019/08/14 9:15 p.m.19 views

CVE-2019-1205

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could th...

9.8CVSS7.8AI score0.03968EPSS
Exploits0References1
OSV
OSV
added 2019/08/14 9:15 p.m.3 views

CVE-2019-1205

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could th...

7.8CVSS7.6AI score0.03968EPSS
Exploits0References1
OSV
OSV
added 2019/08/14 9:15 p.m.5 views

CVE-2019-1201

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could th...

7.8CVSS7.6AI score0.0486EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2019/08/13 7:0 a.m.57 views

Microsoft Word Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. The file could th...

9.3CVSS7.8AI score0.0486EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2019/08/13 12:0 a.m.6 views

PT-2019-3013 · Microsoft · Outlook 2016 +6

Name of the Vulnerable Software and Affected Versions: Microsoft Word affected versions not specified Description: A remote code execution issue exists in Microsoft Word software due to its failure to properly handle objects in memory. This could allow an attacker to use a specially crafted file ...

9.8CVSS7.9AI score0.03968EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/08/13 12:0 a.m.4 views

PT-2019-2919 · Microsoft · Outlook 2016 +7

Name of the Vulnerable Software and Affected Versions: Microsoft Word affected versions not specified Description: A remote code execution issue exists in Microsoft Word software due to its failure to properly handle objects in memory. This could allow an attacker to use a specially crafted file ...

10CVSS8AI score0.0486EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2018/02/13 5:1 p.m.157 views

Two Nasty Outlook Bugs Fixed in Microsoft’s Feb. Patch Tuesday Update

Microsoft issued 50 security fixes as part of its February Patch Tuesday release, covering vulnerabilities in Windows, Office, Internet Explorer, Edge and its JavaScript engine ChakraCore. Fourteen of the vulnerabilities are labeled as critical, 34 as important and two as moderate. Two notable...

9.3CVSS0.8AI score0.2043EPSS
Exploits0References7
CNVD
CNVD
added 2017/06/29 12:0 a.m.8 views

Biscom Secure File Transfer Stored Cross-Site Scripting Vulnerability

Biscom Secure File Transfer SFT is a Web-based file transfer solution from Biscom USA. The solution has features such as file sharing, workspace creation and automatic file cleanup. In Biscom SFT version 5.1.1015, the 'Name' and 'Description' fields of the workspace and the File Details pane of t...

5.4CVSS6.3AI score0.00879EPSS
Exploits1References1
Prion
Prion
added 2017/06/28 1:29 p.m.14 views

Cross site scripting

Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting XSS in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. This issue has...

3.5CVSS5.2AI score0.00879EPSS
Exploits1References3Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2017/06/27 12:59 p.m.19 views

What’s new in Windows Defender ATP Fall Creators Update

When we introduced Windows Defender Advanced Threat Protection Windows Defender ATP, our initial focus was to reduce the time it takes companies to detect, investigate, and respond to advanced attacks. The Windows Fall Creators Update represents a new chapter in our product evolution as we offer ...

7AI score
Exploits0
OSV
OSV
added 2017/03/17 12:59 a.m.0 views

CVE-2017-0100

A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation...

7.8CVSS5.8AI score0.04957EPSS
Exploits3References6
Microsoft CVE
Microsoft CVE
added 2017/03/14 7:0 a.m.36 views

Windows Graphics Component Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...

7.6CVSS6.8AI score0.17594EPSS
Exploits0
Prion
Prion
added 2017/01/12 3:59 p.m.22 views

Privilege escalation

An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user...

2.1CVSS6.2AI score0.00153EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/01/11 4:59 a.m.3 views

CVE-2017-2956

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution...

7.8CVSS6AI score0.03518EPSS
Exploits0References3
Prion
Prion
added 2017/01/11 4:59 a.m.19 views

Design/Logic Flaw

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution...

9.3CVSS8AI score0.03518EPSS
Exploits0References3Affected Software4
AlpineLinux
AlpineLinux
added 2017/01/11 4:40 a.m.5 views

CVE-2017-2956

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution...

9.3CVSS7.9AI score0.03518EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2016/12/13 8:0 a.m.34 views

Windows Graphics Component Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...

9.3CVSS8.7AI score0.18992EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/12/13 8:0 a.m.32 views

Windows Graphics Component Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...

9.3CVSS8.7AI score0.39261EPSS
Exploits0
Rows per page
Query Builder