HPE Intelligent Management Center DBMan RestoreDBase MySQL Command Injection (CVE-2017-5819)

A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability exists due to missing validation when handling MySQL databases commands...

php: Missing type check when unserializing SplArray

ext/spl/splarray.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data...

Foxit Reader Annotation author Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in Annotation author parsing, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of validation before performing an operation on an...

Foxit Reader OCG name Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the OCG name attribute, which can be exploited to execute arbitrary code in the context of the current process due to a lack of validation before performing an operation ...

Foxit Reader TextBox Calculate Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the TextBox Calculate handling, which can be exploited to execute arbitrary code in the context of the current process due to a lack of validation before performing an operation on the...

Foxit Reader XFA Button resolveNodes Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the handling of the XFA Button resolveNodes element, which can be exploited to execute arbitrary code in the context of the current process, due to a lack of validation before performing...

Foxit Reader Text Annotations Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the Text Annotations handling, which can be exploited to execute arbitrary code in the current process context due to a lack of validation before performing operations on objects...

Huawei Honor 8 Bdat Driver Integer Overflow Vulnerability

Huawei Honor 8 Youth is a smartphone device. An integer overflow vulnerability exists in the Huawei Honor 8 Youth Edition Bdat driver. Due to a lack of parameter checking, an attacker can exploit the vulnerability to trick a user into installing a malicious application and executing it with...

CVE-2018-8059

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxyssl directives are used...

CVE-2012-6709

ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation...

Invalid Memory Access Vulnerability in SCCPX Module for Multiple Huawei Products

Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. An invalid memory access vulnerability exists in the SCCPX module of multiple Huawei products, which is due to the device failing to adequately detect...

CVE-2018-6318

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads in the context of the application used to test an exploit or ransomware the DLL using a payload that runs from NTDLL.DLL so, it's run in userland, but the driver doesn't perform any validation of this DLL not its signature, not its hash, etc.. ...

DEBIAN-CVE-2017-12180

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...

CVE-2018-5271

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVE-2017-16586

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2017-16583

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2017-17796

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file VIRAGTLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4...

UBUNTU-CVE-2017-17718

The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation...

UBUNTU-CVE-2017-17514

DISPUTED boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the...

CVE-2017-10941

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...