Security News

CVE-2018-4918

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Categories: Security News

CVE-2018-4919

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-4920

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-4921

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-4923

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Connect versions 9.7 and earlier have an exploitable OS Command Injection. Successful exploitation could lead to arbitrary file deletion.

CVE-2018-4924

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-4925

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-4926

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe Digital Editions versions 4.5.7 and below have an exploitable Stack Overflow vulnerability. Successful exploitation could lead to information disclosure.

CVE-2018-4927

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe InDesign versions 13.0 and below have an exploitable Untrusted Search Path vulnerability. Successful exploitation could lead to local privilege escalation.

CVE-2018-4928

National Vulnerability Database - Sat, 05/19/2018 - 13:29
Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVE-2018-1147

National Vulnerability Database - Fri, 05/18/2018 - 18:29
In Nessus before 7.1.0, an XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios, XSS could also occur by altering variables from the Advanced Settings.

CVE-2018-1148

National Vulnerability Database - Fri, 05/18/2018 - 18:29
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.

CVE-2018-6562

National Vulnerability Database - Fri, 05/18/2018 - 16:29
totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack.

CVE-2018-8867

National Vulnerability Database - Fri, 05/18/2018 - 16:29
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

CVE-2017-18271

National Vulnerability Database - Fri, 05/18/2018 - 15:29
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.

CVE-2017-18272

National Vulnerability Database - Fri, 05/18/2018 - 15:29
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

CVE-2017-18273

National Vulnerability Database - Fri, 05/18/2018 - 15:29
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.

CVE-2018-11251

National Vulnerability Database - Fri, 05/18/2018 - 15:29
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a crafted SUN image file.

CVE-2018-11254

National Vulnerability Database - Fri, 05/18/2018 - 15:29
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted PDF file, a related issue to CVE-2017-8054.

CVE-2018-11255

National Vulnerability Database - Fri, 05/18/2018 - 15:29
An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
