Lucene search
K

1415 matches found

Kaspersky
Kaspersky
added 2018/04/19 12:0 a.m.568 views

KLA11237 Multiple vulnerabilities in Foxit Reader and Foxit PhantomPDF

Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An unsafe DLL loading...

8.8CVSS9.2AI score0.24033EPSS
Exploits12References4
CVE
CVE
added 2018/04/05 1:0 p.m.94 views

CVE-2018-1315

CVE-2018-1315 affects Apache Hive 2.1.0–2.3.2 when using the HPL/SQL extension and issuing COPY FROM FTP. The FTP client does not verify the destination path, allowing a compromised FTP server to cause the downloaded file to be written to an arbitrary location on the cluster where the command is ...

4.3CVSS4.6AI score0.0178EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/04/03 3:18 p.m.10 views

SUSE-SU-2018:0863-1 Security update for clamav

This update for clamav fixes the following issues: Security issues fixed: - CVE-2012-6706: VMSFDELTA filter inside the unrar implementation allows an arbitrary memory write bsc1045315. - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CH...

10CVSS8.1AI score0.10027EPSS
Exploits4References11
Debian
Debian
added 2018/03/26 11:5 p.m.42 views

[SECURITY] [DLA 1319-1] firefox-esr security update

Package : firefox-esr Version : 52.7.2esr-1deb7u1 CVE ID : CVE-2018-5146 CVE-2018-5147 Richard Zhu and Huzaifa Sidhpurwala discovered that an out-of-bounds memory write when playing Vorbis media files could result in the execution of arbitrary code. For Debian 7 "Wheezy", these problems have been...

9.8CVSS9.2AI score0.12054EPSS
Exploits0
CVE
CVE
added 2018/03/26 6:0 p.m.38 views

CVE-2014-2312

Thermald contains a local-privilege vulnerability in android_main.cpp that allows a symlink attack on /tmp/thermald.pid to overwrite arbitrary files. Impact is arbitrary file write (I = HIGH) with local access and no user interaction required. The connected sources confirm the affected software (...

6.6CVSS5.3AI score0.00358EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/03/22 12:0 a.m.6 views

NCR S1 Dispenser controller authentication vulnerability

CR S1 Dispenser controller is a dispenser control board product from NCR Corporation. A security vulnerability exists in the memory write mechanism in the NCR S1 Dispenser controller using firmware version 0x0108. An attacker can exploit this vulnerability to upgrade or downgrade the device...

7.8CVSS6.9AI score0.01167EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/22 12:0 a.m.8 views

NCR S2 Dispenser controller authentication vulnerability

NCR S2 Dispenser controller is a dispenser control board product from NCR Corporation. A security vulnerability exists in the memory write mechanism in the NCR S2 Dispenser controller using firmware version 0x0108. An attacker could exploit this vulnerability to upgrade or downgrade the device...

7.8CVSS6.9AI score0.01246EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/03/19 12:0 a.m.25 views

Debian DSA-4141-1 : libvorbisidec - security update

Huzaifa Sidhpurwala discovered that an out-of-bounds memory write in the codebook parsing code of the Libtremor multimedia library could result in the execution of arbitrary code if a malformed Vorbis file is opened. C Tenable Network Security, Inc. The descriptive text and package checks in this...

9.8CVSS8.8AI score0.02471EPSS
Exploits0References6
CNVD
CNVD
added 2018/03/06 12:0 a.m.4 views

YXCMS has multiple vulnerabilities

Yxcms is an enterprise building system based on PHP and mysql technology. Yxcms 1.4.6 version exists stored XSS, arbitrary file deletion, file write, SQL injection vulnerability, attackers can exploit the vulnerability to obtain control of the web server...

8AI score
Exploits0
CNVD
CNVD
added 2018/02/24 12:0 a.m.5 views

Amazon Fire OS 'havok_write' function stack buffer overflow vulnerability

Amazon Fire OS is a set of mobile operating systems based on the Android platform from Amazon USA. A stack buffer overflow vulnerability exists in the 'havokwrite' function in the drivers/staging/havok/havok.c file in Amazon Fire OS. An attacker can exploit this vulnerability by sending a long...

10CVSS7.1AI score0.01851EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/02/24 12:0 a.m.51 views

Ubuntu: Security Advisory (USN-3583-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.5AI score0.84172EPSS
Exploits17References2
CNVD
CNVD
added 2018/02/22 12:0 a.m.4 views

File Write Vulnerability in Cscms v4.1.8

Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. A file write vulnerability exists in Cscms v4.1.8, which is due to the system failing to effectively filter input parameters and file paths. An attacker can use this vulnerability to inject Trojan...

7.1AI score
Exploits0
CNVD
CNVD
added 2018/02/14 12:0 a.m.5 views

Multiple Adobe Products JavaScript API Out-of-Bounds Memory Write Vulnerability

Adobe Acrobat DC for Windows and Macintosh and so on are the United States of America Odobie Adobe company based on Windows and Macintosh platform products.Adobe Acrobat DC for Windows and Macintosh is a desktop version of the PDF solution; Acrobat Reader DC for Windows and Macintosh is a set of...

8.8CVSS7.4AI score0.15326EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/02/01 12:0 a.m.32 views

openSUSE Security Update : freeimage (openSUSE-2018-121)

This update for freeimage fixes one issues. This security issue was fixed : - CVE-2016-5684: Prevent out-of-bounds write vulnerability in the XMP image handling functionality. A specially crafted XMP file could have caused an arbitrary memory overwrite resulting in code execution boo1002621...

7.8CVSS8.3AI score0.0183EPSS
Exploits1References2
CVE
CVE
added 2018/01/18 6:0 a.m.53 views

CVE-2018-0088

The CVE-2018-0088 issue affects Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software. It stems from a diagnostic test CLI command that allows writing to device memory, enabling an authenticated local attacker (privilege level 15) to cause arbitrary code execution or a denial ...

7.2CVSS7.2AI score0.0039EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2018/01/18 12:0 a.m.49 views

Microsoft Edge Chakra JIT - Out-of-Bounds Write Exploit

Exploit for windows platform in category dos / poc // Here's the PoC demonstrating OOB write. function optarr, start, end for let i = start; i end; i++ if i === 10 i += 0; // -- a arri = 2.3023e-320; function main let arr = new Array100; arr.fill1.1; for let i = 0; i 1000; i++ optarr, 0, 3; optar...

7.6CVSS7.5AI score0.78434EPSS
Exploits4
CNVD
CNVD
added 2018/01/18 12:0 a.m.4 views

K7 Antivirus Premium Arbitrary Memory Location Write Vulnerability

K7 Antivirus Premium is a suite of anti-virus software from K7 Computing India. A security vulnerability exists in K7 Antivirus Premium versions prior to 15.1.0.53. A local attacker can exploit this vulnerability with input to perform a write operation to an arbitrary memory location...

5.5CVSS6.7AI score0.00271EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/01/17 12:0 a.m.31 views

Debian DLA-1243-1 : xbmc security update

The Check Point Research Team discovered that the XBMC media center allows arbitrary file write when a malicious subtitle file is downloaded in zip format. This update requires the new dependency libboost-regex1.49. For Debian 7 'Wheezy', these problems have been fixed in version...

5.5CVSS6.3AI score0.02474EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2018/01/16 12:0 a.m.18 views

Debian: Security Advisory (DLA-900-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8AI score
Exploits0References3
NVD
NVD
added 2018/01/10 6:29 p.m.12 views

CVE-2014-4994

lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users to write to arbitrary files via a symlink attack on a temporary file, related to time-based filenames...

5.5CVSS5.5AI score0.00477EPSS
Exploits1References3
Rows per page
Query Builder