Lucene search

2012 matches found

NVD
added 2020/07/28 5:15 p.m. | 9 views

CVE-2020-15623

This vulnerability allows remote attackers to write arbitrary files on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

CVSS 10 | AI score 9.7 | EPSS 0.0208
Exploits 0 | References 1
Cvelist
added 2020/07/28 5:1 p.m. | 11 views

CVE-2020-15612

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxftpmanager.php. When parsing the userLogin parameter, the process...

CVSS 9.8 | AI score 9.6 | EPSS 0.01432
Exploits 0 | References 1
Cvelist
added 2020/07/28 5:1 p.m. | 14 views

CVE-2020-15427

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...

CVSS 9.8 | AI score 9.6 | EPSS 0.01432
Exploits 0 | References 1
Gentoo Linux
added 2020/07/27 12:0 a.m. | 58 views

Apache Ant: Multiple vulnerabilities

Background: Ant is a Java-based build tool similar to ‘make’ that uses XML configuration files. Description: Apache Ant was found to be using multiple insecure temporary files which may disclose sensitive information or execute code from an unsafe local location. Impact: A local attacker could...

CVSS 6.3 | AI score 7.9 | EPSS 0.00037
Exploits 0
Cvelist
added 2020/07/24 4:10 p.m. | 18 views

CVE-2020-8317

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges...

CVSS 7.3 | AI score 7.7 | EPSS 0.00058
Exploits 0 | References 1
CNVD
added 2020/07/20 12:0 a.m. | 2 views

Microsoft Windows Geolocation Framework Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...

CVSS 7.8 | AI score 6.6 | EPSS 0.00378
Exploits 0 | References 1
CNVD
added 2020/07/20 12:0 a.m. | 3 views

Microsoft Windows Credential Picker Elevation of Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...

CVSS 7.8 | AI score 6.7 | EPSS 0.00243
Exploits 0 | References 1
Prion
added 2020/07/14 2:15 p.m. | 14 views

Design/Logic Flaw

A vulnerability has been identified in Opcenter Execution Discrete All versions V3.2, Opcenter Execution Foundation All versions V3.2, Opcenter Execution Process All versions V3.2, Opcenter Intelligence All versions V3.3, Opcenter Quality All versions V11.3, Opcenter RD&L V8.0, SIMATIC Notifier...

CVSS 7.2 | AI score 7.1 | EPSS 0.00048
Exploits 0 | References 1 | Affected Software 6
BDU FSTEC
added 2020/07/07 12:0 a.m. | 1 views

Vulnerability of the Flash Player software platform, related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and execute arbitrary code.

The vulnerability of the Adobe Flash Player software relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary code with system privileges...

CVSS 10 | AI score 8.5 | EPSS 0.06773
Exploits 0 | References 4 | Affected Software 1
Zero Day Initiative
added 2020/07/07 12:0 a.m. | 18 views

Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVSS 7.8 | AI score 4.8 | EPSS 0.00042
Exploits 0 | References 1
OSV
added 2020/06/30 12:15 p.m. | 15 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users, e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

CVSS 7.8 | AI score 6.9
Exploits 0 | References 9
Cvelist
added 2020/06/30 11:17 a.m. | 25 views

CVE-2020-15397

HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users, e.g., locations under /var/spool/hylafax that are writable by the uucp account. This allows these users to execute code in the context of the user calling these binarie...

AI score 7.6 | EPSS 0.00109
Exploits 1 | References 9
BDU FSTEC
added 2020/06/30 12:0 a.m. | 2 views

The vulnerability of the Windows operating system, related to errors in memory object handling, allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the Windows operating system is related to errors in memory object handling. Exploiting this vulnerability allows a remote attacker to increase their privileges and execute arbitrary code using a specially created application...

CVSS 9.3 | AI score 7.7 | EPSS 0.08352
Exploits 0 | References 3
NVD
added 2020/06/25 3:15 p.m. | 14 views

CVE-2020-3968

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds write vulnerability in the USB 3.0 controller xHCI. A malicious actor with local administrati...

CVSS 8.2 | EPSS 0.00032
Exploits 0 | References 2
Prion
added 2020/06/25 3:15 p.m. | 23 views

Out-of-bounds

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an out-of-bounds write vulnerability in the USB 3.0 controller xHCI. A malicious actor with local administrati...

CVSS 4.6 | AI score 8.1 | EPSS 0.00032
Exploits 0 | References 2 | Affected Software 4
NVD
added 2020/06/24 4:15 p.m. | 13 views

CVE-2020-3969

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual...

CVSS 7.8 | EPSS 0.00036
Exploits 0 | References 2
Cvelist
added 2020/06/24 4:0 p.m. | 22 views

CVE-2020-3969

VMware ESXi 7.0 before ESXi7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG, Workstation 15.x before 15.5.5, and Fusion 11.x before 11.5.5 contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual...

AI score 7.8 | EPSS 0.00036
Exploits 0 | References 2
BDU FSTEC
added 2020/06/19 12:0 a.m. | 3 views

The vulnerability of the Flash Player software, related to a data type conversion error, allows attackers to execute arbitrary code.

The vulnerability of the Flash Player software is related to a data type conversion error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 7.5 | EPSS 0.05414
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2020/06/15 1:25 p.m. | 16 views

CVE-2020-4470

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be used to execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725...

CVSS 7.1 | AI score 7.8 | EPSS 0.00515
Exploits 0 | References 3
Zero Day Initiative
added 2020/06/15 12:0 a.m. | 32 views

McAfee VirusScan Enterprise Junction Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of McAfee VirusScan Enterprise. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 4.8 | EPSS 0.00042
Exploits 0 | References 1