VulnCheck KEV: CVE-2021-34481

A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change,...

CVE-2022-45884

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvbregisterdevice dynamically allocating fops...

Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

Delta Industrial Automation InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CtrlLayerNWCmdFileOperation function...

Delta Industrial Automation InfraSuite Device Master CtrlLayerNWCmd_FileOperation Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation InfraSuite Device Master. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CtrlLayerNWCmdFileOperation function. When...

Synology Presto File Server 路径遍历漏洞

Synology Presto File Server is a high-speed file transfer suite from China-based Synology Inc. A path traversal vulnerability exists in Synology Presto File Server versions prior to 2.1.2-1601, which stems from improperly restricting pathnames of restricted directories in the File Operations...

Advantech R-SeeNet out.php Directory Traversal Arbitrary File Read and Deletion Vulnerability

This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the filename and path parameters...

Oracle Access Management CustomReadServlet Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle Access Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the ContextValue parameter provided to the...

Adobe ColdFusion Application Server Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The issue...

Adobe ColdFusion Application Server Directory Traversal Arbitrary File Disclosure Or Deletion Vulnerability

This vulnerability allows remote attackers to disclose or delete sensitive files on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The...

Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The iss...

Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The...

Trend Micro Apex One Vulnerability Protection Service Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Apex One...

North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns

The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT. The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of...

ICONICS GENESIS64 GDFX File Parsing Path Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

rpm4 -- Multiple Vulnerabilities

rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...

CVE-2022-30264

The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. They utilize the ROC protocol 4000/TCP, 5000/TCP for communications between a master terminal and RTUs. Opcode 203 of this protocol allows a master terminal to transfer files to and from the...

ICONICS GENESIS64 colorpalletes Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the colorpalletes endpoint. When parsing the path parameter, the process does...

EnterpriseDT CompleteFTP Server HttpFile Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation...

Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068

CVE-2022-1292: crehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: crehash: Fix file operations to prevent command injection...