CVE-2018-3844
In Hyland Perceptive Document Filters 11.4.0.2647 – x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.
Source: CVE-2018-3844
[월:] 2018년 04월
CVE-2018-3845
CVE-2018-3845
In Hyland Perceptive Document Filters 11.4.0.2647 – x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
Source: CVE-2018-3845
CVE-2018-3851
CVE-2018-3851
In Hyland Perceptive Document Filters 11.4.0.2647 – x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution.
Source: CVE-2018-3851
CVE-2018-3855
CVE-2018-3855
In Hyland Perceptive Document Filters 11.4.0.2647 – x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.
Source: CVE-2018-3855
CVE-2017-17543
CVE-2017-17543
Users’ VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
Source: CVE-2017-17543
CVE-2018-7527
CVE-2018-7527
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
Source: CVE-2018-7527
CVE-2016-9602
CVE-2016-9602
Qemu before version 2.9 is vulnerable to an improper link following when built with the VirtFS. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host.
Source: CVE-2016-9602
CVE-2017-14010
CVE-2017-14010
An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
Source: CVE-2017-14010
CVE-2018-7465
CVE-2018-7465
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor’s browser will execute everything after the </textarea>, leading to a possible XSS.
Source: CVE-2018-7465
CVE-2017-15691
CVE-2017-15691
In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.
Source: CVE-2017-15691