
87 matches found

RedhatCVE
added 2025/09/14 7:23 a.m. | 4 views

CVE-2025-21042

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.04412
Exploits: 1 | References: 1

BDU FSTEC
added 2025/07/03 12:0 a.m. | 1 view

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/06/30 12:0 a.m. | 1 view

The vulnerability of the Adobe Experience Manager content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00172
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2025/05/05 12:0 a.m. | 2 views

The vulnerability of TP-Link M7650 4G LTE Mobile Wi-Fi Router’s microprogramming software lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of TP-Link M7650 4G LTE Mobile Wi-Fi Router’s microprogramming software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted SQL code remotel...

CVSS 10 | AI score 6
Exploits: 0 | References: 2

NVD
added 2024/11/19 10:15 p.m. | 13 views

CVE-2018-9411

In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 8.8 | EPSS 0.07309
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/19 6:51 p.m. | 8 views

CVE-2018-9341

In impeg2dmcfullxfully of impeg2dmc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

AI score 7.8 | EPSS 0.00507
Exploits: 0 | References: 1

BDU FSTEC
added 2024/07/03 12:0 a.m. | 1 view

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.02635
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2024/02/08 12:0 a.m. | 2 views

PT-2024-20423 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0
Description: The issue allows a remote attacker to execute arbitrary code via the "edit-photo.php" component. This is due to an Unrestricted File Upload vulnerability.
Recommendations: For Employee...

AI score 8.2
Exploits: 0 | References: 6

BDU FSTEC
added 2023/12/22 12:0 a.m. | 1 view

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 allows a perpetrator to execute arbitrary code.

The vulnerability of microprogrammed software in Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches lies in the ability to write code outside the buffer memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST requests...

CVSS 9 | EPSS 0.02175
Exploits: 2 | References: 7 | Affected Software: 3

Positive Technologies
added 2023/12/14 12:0 a.m. | 5 views

PT-2023-8435 · IBM · IBM i Access Client Solutions

Name of the Vulnerable Software and Affected Versions:
IBM i Access Client Solutions versions 1.1.2 through 1.1.4
IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3
Description: The issue is related to insufficient authorization procedure in the IBM i Access Client Solutions, allowing...

CVSS 9 | AI score 7.5 | EPSS 0.01512
Exploits: 1 | References: 13

BDU FSTEC
added 2023/12/06 12:0 a.m. | 1 view

The vulnerability of the ExportConfigs method of the Network Configuration Manager (NCM) software allows a perpetrator to execute arbitrary code.

The vulnerability of the ExportConfigs method in the Network Configuration Manager NCM software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the SYSTEM context remotel...

CVSS 8 | EPSS 0.03552
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2023/09/07 7:10 a.m. | 14 views

CVE-2023-39238 ASUS RT-AX55、RT-AX56U_V2 - Format String - 1

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its setiperf3svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution,...

CVSS 7.2 | AI score 7.3 | EPSS 0.04596
Exploits: 0 | References: 1

Prion
added 2023/07/21 7:15 a.m. | 24 views

Format string

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. An unauthenticated remote attacker without privilege can...

CVSS 7.5 | AI score 9.6 | EPSS 0.75886
Exploits: 1 | References: 1 | Affected Software: 2

OpenVAS
added 2023/05/29 12:0 a.m. | 8 views

Debian: Security Advisory (DSA-5413-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 9.6 | EPSS 0.29668
Exploits: 1 | References: 4

OpenVAS
added 2023/05/02 12:0 a.m. | 10 views

Debian: Security Advisory (DLA-3406-1)

The remote host is missing an update for the Debian...

CVSS 9.8 | AI score 9.6 | EPSS 0.29668
Exploits: 1 | References: 4

BDU FSTEC
added 2023/04/22 12:0 a.m. | 1 view

The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Internet Key Exchange IKE protocol implementation in Windows operating systems is related to synchronization errors when using a common resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 7.5 | EPSS 0.02392
Exploits: 0 | References: 3

Citrix
added 2022/12/13 12:1 p.m. | 101 views

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518

A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. CVE-ID| Description| CWE| Affected Products| Pre-conditions ---|---|---|---|---...

CVSS 9.8 | AI score 1.5 | EPSS 0.27687
Exploits: 1 | Affected Software: 2

Prion
added 2022/06/03 6:15 a.m. | 13 views

Remote code execution

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary loca...

CVSS 6.8 | AI score 9.2 | EPSS 0.02718
Exploits: 1 | References: 2 | Affected Software: 1

BDU FSTEC
added 2022/05/30 12:0 a.m. | 0 views

The vulnerability of the Cisco IOS operating system’s software loader for Cisco Catalyst Digital Building switches allows a perpetrator to execute arbitrary code.

The vulnerability of the Cisco IOS operating system’s microprogramming software for Cisco Catalyst Digital Building switches is related to security flaws. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.3 | EPSS 0.00089
Exploits: 0 | References: 4

Tenable Nessus
added 2022/05/27 12:0 a.m. | 44 views

Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5448-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5448-1 advisory. It was discovered that ncurses was not properly checking array bounds when executing the fmtentry function, which could result in an out-of-bounds write...

CVSS 9.8 | AI score 7.2 | EPSS 0.0225
Exploits: 8 | References: 12