13538 matches found
Adobe Acrobat and Reader Use After Free (APSB17-24: CVE-2017-11231)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11216)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Acrobat and Reader improperly processes specially crafted Enhanced Metafile (EMF) image format files. A remote attacker can exploit this issue by enticing a victim to open a specially...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-3122)
A memory corruption vulnerability exists in Enhanced Metafile Format (EMF). The vulnerability is due to an insufficient bounds check while processing an EMF file. An attacker can exploit the vulnerability by using the out-of-bounds access for unintended reads, writes or frees, potentially leading to code corruption,...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11246)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an out-of-bounds error while accessing unintended memory in a specially crafted JPG file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPG file ...
Adobe Acrobat and Reader Heap Overflow (APSB17-24: CVE-2017-11220)
A heap overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe processes memory bounds checks. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11227)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the record component of EMF files. A remote attacker might exploit this issue by convincing a victim to open a specially crafted PDF file...
Adobe Acrobat and Reader Use After Free (APSB17-24: CVE-2017-3120)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Microsoft JET Database Engine Remote Code Execution (CVE-2017-0250)
A buffer overflow vulnerability exists in the Microsoft Jet Database Engine (Jet). The vulnerability is due to an error in the way Microsoft JET Database Engine improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim ...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11239)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the EMF records component. A remote attacker might exploit this issue by convincing a victim to open a specially crafted EMF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11271)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how the image conversion engine processes Enhanced Metafile Format (EMF). A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file with Adobe...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11210)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error while parsing fonts embedded in a TTF file. A remote attacker can exploit this vulnerability for unintended reads, potentially leading to an information leak attack...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11236)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11268)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how the image conversion engine processes Enhanced Metafile Format (EMF). A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file with Adobe...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11226)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the image processing engine when processing JPEG 2000 (JP2) code stream data. A remote attacker may exploit this vulnerability by using a crafted JP2 file that contains large values for til...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11263)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with an affected version of Adobe Reader or Acrobat...
Adobe Acrobat and Reader Use After Free (APSB17-24: CVE-2017-11232)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted EMF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-3119)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while opening a PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file with Adobe Reader...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11209)
An out-of-bounds read vulnerability exists in the XPS component of Adobe Acrobat. The vulnerability is due to improper handling of embedded JPEG images in an XPS document. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XPS document...
Adobe Acrobat and Reader Information Disclosure (APSB17-24: CVE-2017-3115)
An information disclosure vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11238)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in Adobe Reader and Acrobat while parsing a corrupted EMF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11212)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how the image conversion engine processes Enhanced Metafile Format (EMF). A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file with Adobe...
Adobe Acrobat and Reader Use After Free (APSB17-24: CVE-2017-11219)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file...
Microsoft Internet Explorer Security Feature Bypass (CVE-2017-8625)
A security feature bypass vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to Internet Explorer failing to validate User Mode Code Integrity (UMCI) policies. A remote attacker can exploit this issue by enticing a user to open a specially crafted web page with an affected...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11261)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to the way Adobe Acrobat and Reader improperly processes specially crafted Enhanced Metafile (EMF) image format files. A remote attacker can exploit this issue by enticing a victim to open a specially...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11214)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how the image conversion engine processes Enhanced Metafile Format (EMF). A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file with Adobe...
Cisco Prime Collaboration Provisioning logconfigtracer.jsp Directory Traversal (CVE-2017-6621)
An information disclosure vulnerability exists in Cisco Prime Collaboration Provisioning. The vulnerability is due to insufficient validation of user-supplied paths when a request is sent to the logconfigtracer.jsp page. A remote, unauthenticated attacker can exploit this vulnerability by sending a...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-3124)
A memory corruption vulnerability exists in the Picture Exchange (PCX) file format parsing module. The vulnerability is due to how the image conversion engine processes a Picture Exchange (PCX) file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11267)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how the image conversion engine processes Enhanced Metafile Format (EMF). A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file with Adobe...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11234)
A memory corruption vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file...
Adobe Acrobat and Reader Use After Free (APSB17-24: CVE-2017-11235)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted JPEG file...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11260)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. A remote attacker may exploit this vulnerability by using the out of bounds access for unintended...
Adobe Acrobat and Reader Memory Corruption (APSB17-24: CVE-2017-11262)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to how the image conversion engine processes Enhanced Metafile Format (EMF). A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted EMF file with Adobe...
Adobe Acrobat and Reader Security Bypass (APSB17-24: CVE-2017-11229)
A code injection vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to the FDF component of Adobe Reader and Acrobat. A remote attacker might exploit this issue by convincing a victim to open a specially crafted PDF file...
Microsoft Windows Performance Monitor XXE Injection Information Disclosure (CVE-2017-0170)
An XML external entity (XXE) injection vulnerability exists in the Windows Performance Monitor component of Microsoft Windows. The vulnerability is due to a failure to properly handle external entity references in XML files...
Phamm helpers.php Cross-Site Scripting (CVE-2017-0378)
A reflected cross-site scripting vulnerability exists in Phamm. The vulnerability is due to insufficient validation of user-supplied input within views/helpers.php. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to click a maliciously crafted link or open ...
Rpcbind XDR Parsing Memory Exhaustion Denial of Service (CVE-2017-8779)
A resource exhaustion vulnerability exists in rpcbind, within its associated library libtirpc. The vulnerability is due to an unbounded memory leak when parsing XDR strings. A remote attacker could exploit this vulnerability by sending specially crafted RPC messages to the vulnerable server...
Dahua IoT Devices Backdoor Unauthorized Access
An unauthorized access vulnerability exists in Dahua devices. Successful exploitation of this vulnerability could allow a remote attacker to gain administrator-level access on the affected device...
Microsoft Edge AsmJsInterpreter Use After Free (CVE-2017-8603)
A use-after-free vulnerability exists in Microsoft Edge. This vulnerability is due to an error while handling objects in memory when processing HTML and script code. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page...
ManageEngine Desktop Central Remote Code Execution (CVE-2017-11346)
A remote code execution vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to an insufficient check of a parameter. By sending a crafted request, a remote attacker can place a file under a directory that allows server-side scripts to run...
Microsoft Windows SMB SMBLoris Denial of Service
A memory saturation vulnerability has been reported in the Windows NetBIOS Session Service protocol. A remote authenticated or guest attacker could exploit this vulnerability by sending specially crafted requests to the target server. Successful exploitation of this vulnerability results in a denial ...
Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)
An out-of-bounds read vulnerability exists in the Apache HTTP server. This vulnerability is due to improper token list parsing in the ap_find_token function. A remote, unauthenticated attacker could exploit the vulnerability by sending a maliciously crafted HTTP request to the affected server...
Trend Micro SafeSync for Enterprise replace_local_disk Command Injection
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameters in the replace_local_disk function. A remote, authenticated attacker could exploit this vulnerability by sending crafted input to the...
FreeRADIUS data2vp_wimax Heap Buffer Overflow (CVE-2017-10984)
A heap-based buffer overflow vulnerability exists in FreeRADIUS. The vulnerability is due to improper handling of the continuation flag in WiMAX attributes. A remote attacker can exploit the vulnerability by sending a crafted RADIUS packet with a malformed WiMAX attribute with the continuation fl...
Kaspersky Anti-Virus for Linux File Server getReportStatus Directory Traversal (CVE-2017-9812)
A directory traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability is due to a lack of proper validation of a user-supplied path when a request is sent to check the status of a report. A remote, authenticated attacker can exploit this vulnerability by...
Netgear DGN2200 dnslookup.cgi Command Injection (CVE-2017-6334)
A command injection vulnerability exists in the NETGEAR DGN2200 router. The vulnerability is due to insufficient input validation in the router's web administration. Successful exploitation of this vulnerability could allow a remote attacker with valid login details to execute arbitrary code...
MediaWiki SyntaxHighlight Option Injection (CVE-2017-0372)
A remote code execution vulnerability has been reported in MediaWiki. The vulnerability is due to improper validation of user data. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the target, potentially leading to arbitrary code execution...
ISC BIND RPZ Query Processing Denial of Service (CVE-2017-3140)
A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to enter an infinite loop while processing a query and running a specific configuration. A remote, unauthenticated attacker could exploit this vulnerability by...
IPFire ids.cgi OINKCODE Parameter Command Injection (CVE-2017-9757)
A command injection vulnerability exists in the ids.cgi script of IPFire. The vulnerability is due to incorrect handling of the OINKCODE HTTP parameter. A remote authenticated attacker may exploit this vulnerability by sending a crafted request to the vulnerable CGI script...
Cisco Prime Infrastructure and EPNM multiple functions Cross Site Scripting (CVE-2017-6699)
A reflected cross-site scripting vulnerability has been reported in Cisco Prime Infrastructure and Evolved Programmable Network Manager. The vulnerability is due to insufficient validation of some request parameters in jsp functions. A remote user can exploit this vulnerability by enticing a targ...
Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection
A command injection vulnerability exists in Trend Micro's SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied parameters in the check_nfs_server_status function. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to...