1396 matches found
Foxit Reader Text Annotations Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the Text Annotations handling, which can be exploited to execute arbitrary code in the current process context due to a lack of validation before performing operations on objects...
Huawei Honor 8 Bdat Driver Integer Overflow Vulnerability
Huawei Honor 8 Youth is a smartphone device. An integer overflow vulnerability exists in the Huawei Honor 8 Youth Edition Bdat driver. Due to a lack of parameter checking, an attacker can exploit the vulnerability to trick a user into installing a malicious application and executing it with...
CVE-2018-8059
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxyssl directives are used...
CVE-2012-6709
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation...
Invalid Memory Access Vulnerability in SCCPX Module for Multiple Huawei Products
Huawei DP300, RP200, TE series, etc. are all-in-one desktop SmartZen and all-in-one video conferencing terminal products of Huawei China Company. An invalid memory access vulnerability exists in the SCCPX module of multiple Huawei products, which is due to the device failing to adequately detect...
CVE-2018-6318
In Sophos Tester Tool 3.2.0.7 Beta, the driver loads in the context of the application used to test an exploit or ransomware the DLL using a payload that runs from NTDLL.DLL so, it's run in userland, but the driver doesn't perform any validation of this DLL not its signature, not its hash, etc.. ...
DEBIAN-CVE-2017-12180
xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...
CVE-2018-5271
In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issu...
CVE-2017-16586
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-16583
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2017-17796
In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file VIRAGTLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4...
UBUNTU-CVE-2017-17718
The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation...
UBUNTU-CVE-2017-17514
DISPUTED boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the...
CVE-2017-10941
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
UBUNTU-CVE-2017-12176
xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code...
The vulnerability of Kaspersky Safe Browser’s antivirus protection lies in the lack of protection for service data, which allows attackers to obtain confidential information.
The vulnerability of Kaspersky Safe Browser lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information using a specially crafted certificate. The problem is that Kaspersky Safe Browser does not...
CVE-2017-10950
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2017-9457
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS...
CVE-2017-6708
A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...
Unauthorized Access Vulnerability in ioffice
iOffice is a mobile software for internal company to collaborate and communicate online on smartphones, send tasks, and share work knowledge and experience. An unauthorized access vulnerability exists in /prg/set/Report/ioRepTemp.aspx in ioffice, which allows attackers to exploit the vulnerabilit...