
1396 matches found

CNVD
added 2018/04/28 12:0 a.m. | 4 views

Foxit Reader Text Annotations Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the Text Annotations handling, which can be exploited to execute arbitrary code in the current process context due to a lack of validation before performing operations on objects...

CVSS 8.8 | AI score 7.8 | EPSS 0.63313
Exploits: 13 | References: 1

CNVD
added 2018/03/22 12:0 a.m. | 0 views

Huawei Honor 8 Bdat Driver Integer Overflow Vulnerability

Huawei Honor 8 Youth is a smartphone device. An integer overflow vulnerability exists in the Huawei Honor 8 Youth Edition Bdat driver. Due to a lack of parameter checking, an attacker can exploit the vulnerability to trick a user into installing a malicious application and executing it with...

CVSS 9.3 | AI score 7.8 | EPSS 0.01009
Exploits: 0 | References: 1

NVD
added 2018/03/11 7:29 p.m. | 16 views

CVE-2018-8059

The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used...

CVSS 8.8 | AI score 8.7 | EPSS 0.00532
Exploits: 0 | References: 2

ATTACKERKB
added 2018/02/23 5:29 p.m. | 2 views

CVE-2012-6709

ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation...

CVSS 5.9 | AI score 5.5 | EPSS 0.00579
Exploits: 0 | References: 3

CNVD
added 2018/02/09 12:0 a.m. | 2 views

Invalid Memory Access Vulnerability in SCCPX Module for Multiple Huawei Products

Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. An invalid memory access vulnerability exists in the SCCPX module of multiple Huawei products, which is due to the device failing to adequately detect...

CVSS 5.3 | AI score 6.8 | EPSS 0.00909
Exploits: 0 | References: 1

OSV
added 2018/02/02 9:29 p.m. | 5 views

CVE-2018-6318

In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.)...

CVSS 7.8 | AI score 5.8 | EPSS 0.01051
Exploits: 0 | References: 1

OSV
added 2018/01/24 3:29 p.m. | 1 views

DEBIAN-CVE-2017-12180

xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...

CVSS 9.8 | AI score 7.6 | EPSS 0.04314
Exploits: 0 | References: 1

OSV
added 2018/01/08 5:29 a.m. | 3 views

CVE-2018-5271

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 2

OSV
added 2017/12/20 2:29 p.m. | 6 views

CVE-2017-16586

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.1 | EPSS 0.0259
Exploits: 0 | References: 2

OSV
added 2017/12/20 2:29 p.m. | 5 views

CVE-2017-16583

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.1 | EPSS 0.0259
Exploits: 0 | References: 2

ATTACKERKB
added 2017/12/20 9:29 a.m. | 3 views

CVE-2017-17796

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file VIRAGTLT.SYS allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4...

CVSS 7.8 | AI score 7.6 | EPSS 0.00443
Exploits: 1 | References: 2

OSV
added 2017/12/17 9:29 p.m. | 2 views

UBUNTU-CVE-2017-17718

The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation...

CVSS 5.9 | AI score 6.6 | EPSS 0.01348
Exploits: 0 | References: 5

OSV
added 2017/12/14 4:29 p.m. | 4 views

UBUNTU-CVE-2017-17514

DISPUTED boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the...

CVSS 8.8 | AI score 7.3 | EPSS 0.01685
Exploits: 0 | References: 4

OSV
added 2017/10/31 7:29 p.m. | 2 views

CVE-2017-10941

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.1 | EPSS 0.0259
Exploits: 0 | References: 2

OSV
added 2017/10/12 12:0 a.m. | 1 views

UBUNTU-CVE-2017-12176

xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.04246
Exploits: 0 | References: 4

BDU FSTEC
added 2017/09/28 12:0 a.m. | 5 views

The vulnerability of Kaspersky Safe Browser’s antivirus protection lies in the lack of protection for service data, which allows attackers to obtain confidential information.

The vulnerability of Kaspersky Safe Browser lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information using a specially crafted certificate. The problem is that Kaspersky Safe Browser does not...

CVSS 4.3 | AI score 6.2 | EPSS 0.01276
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2017/08/29 1:29 p.m. | 3 views

CVE-2017-10950

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 7 | AI score 6.2 | EPSS 0.00344
Exploits: 0 | References: 2

OSV
added 2017/07/25 2:29 p.m. | 5 views

CVE-2017-9457

Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS...

CVSS 6.7 | AI score 5.8 | EPSS 0.00826
Exploits: 0 | References: 3

OSV
added 2017/07/06 12:29 a.m. | 3 views

CVE-2017-6708

A vulnerability in the symbolic link (symlink) creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...

CVSS 9.8 | AI score 6 | EPSS 0.01456
Exploits: 0 | References: 2

CNVD
added 2017/06/01 12:0 a.m. | 3 views

Unauthorized Access Vulnerability in ioffice

iOffice is a mobile software for internal company to collaborate and communicate online on smartphones, send tasks, and share work knowledge and experience. An unauthorized access vulnerability exists in /prg/set/Report/ioRepTemp.aspx in ioffice, which allows attackers to exploit the vulnerabilit...

AI score 6.8
Exploits: 0