2012 matches found

Zero Day Initiative
added 2020/03/13 12:0 a.m. | 24 views

Parallels Desktop xHCI Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 6 | AI score 2.3 | EPSS 0.00095
Exploits: 0

OSV
added 2020/03/12 11:15 a.m. | 2 views

CVE-2020-7254

Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense ATD 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command...

CVSS 7.8 | AI score 7.4
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/03/12 12:0 a.m. | 50 views

Microsoft Windows Printer Device Context Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVSS 8.8 | AI score 4.8 | EPSS 0.13883
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/03/12 12:0 a.m. | 36 views

Microsoft Windows ulGetNearestIndexFromColorref Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 8.8 | AI score 5.4 | EPSS 0.00544
Exploits: 0 | References: 1

Cvelist
added 2020/03/09 12:55 a.m. | 23 views

CVE-2016-11021

setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter...

AI score 7.2 | EPSS 0.90503
Exploits: 1 | References: 1

CNVD
added 2020/02/18 12:0 a.m. | 1 views

Code execution vulnerability in QQMusic installation package

QQ Music (QQMusic) is the official music playback software launched by Tencent. A code execution vulnerability exists in the QQMusic installation package. An attacker can exploit the vulnerability to execute task code...

AI score 7.8
Exploits: 0

CNVD
added 2020/02/17 12:0 a.m. | 1 views

Microsoft Windows Client License Service Elevation of Privilege Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in the way memory objects are handled in the Microsoft Windows Client License Service. An attacker could exploit the vulnerability by mea...

CVSS 7.8 | AI score 7.5 | EPSS 0.0037
Exploits: 0 | References: 1

Prion
added 2020/02/14 6:15 p.m. | 17 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 7.8 | EPSS 0.1639
Exploits: 0 | References: 2 | Affected Software: 2

CNVD
added 2020/02/04 12:0 a.m. | 1 views

Plone DTML SQL Injection

Plone is a free and open source content management system. Plone DTML suffers from SQL injection, which remote attackers can exploit by submitting a special SQL request to manipulate the database, obtaining sensitive information or executing arbitrary code...

CVSS 8.8 | AI score 7.8 | EPSS 0.00405
Exploits: 0 | References: 1

OSV
added 2020/01/31 10:15 p.m. | 8 views

CVE-2014-8126

The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code...

CVSS 8.8 | AI score 8.7
Exploits: 0 | References: 6

OpenVAS
added 2020/01/23 12:0 a.m. | 35 views

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1362)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.3 | AI score 8.9 | EPSS 0.16241
Exploits: 0 | References: 2

OpenVAS
added 2020/01/23 12:0 a.m. | 41 views

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1308)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.3 | AI score 9.3 | EPSS 0.16241
Exploits: 0 | References: 2

Kaspersky
added 2020/01/16 12:0 a.m. | 231 views

KLA11647 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in speech recognizer can be...

CVSS 8.8 | AI score 9.6 | EPSS 0.94093
Exploits: 15 | References: 4

Zero Day Initiative
added 2020/01/15 12:0 a.m. | 22 views

Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 6 | AI score 2.9 | EPSS 0.00135
Exploits: 0 | References: 1

OSV
added 2020/01/07 9:15 p.m. | 3 views

CVE-2019-14906

A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized...

CVSS 9.8 | AI score 8.2 | EPSS 0.0107
Exploits: 0 | References: 1

Zero Day Initiative
added 2020/01/03 12:0 a.m. | 31 views

Cisco Data Center Network Manager serverinfo Hardcoded Password Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of web requests. The system contains a hard-cod...

CVSS 7.5 | AI score 1.3 | EPSS 0.45999
Exploits: 5 | References: 1

RedhatCVE
added 2019/12/27 9:29 a.m. | 27 views

CVE-2018-11237

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code...

CVSS 7.8 | AI score 4.8 | EPSS 0.00797
Exploits: 3 | References: 1

CNVD
added 2019/12/25 12:0 a.m. | 2 views

2345 Accelerate Browser suffers from dll hijacking vulnerability

2345 Accelerated Browser is a dual-core browser (Chromium and IE) promoted by Shanghai 2,3,4,5 Network Technology Co. It has a DLL hijacking vulnerability, which attackers can exploit to load a malicious DLL and execute malicious code...

AI score 7.1
Exploits: 0

Zero Day Initiative
added 2019/12/20 12:0 a.m. | 27 views

Docker docker-credential-helpers Double Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within docker-credential-helpers. Th...

CVSS 7.8 | AI score 3.3
Exploits: 0

CNVD
added 2019/12/16 12:0 a.m. | 2 views

Microsoft SQL Server Reporting Services Cross-Site Scripting Vulnerability

Microsoft SQL Server Reporting Services is a server-based reporting platform. A cross-site scripting vulnerability exists in Microsoft SQL Server Reporting Services that originates from the program failing to properly clean up a specially crafted web request. A remote attacker could exploit the...

CVSS 6.1 | AI score 6.8 | EPSS 0.01626
Exploits: 1 | References: 1