206140 matches found
MiracleLinux 3 : firefox-24.8.0-2.0.1.AXS3 (AXSA:2014-523:05)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-523:05 advisory. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed wit...
MiracleLinux 7 : git-1.8.3.1-14.el7 (AXSA:2018-3186:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3186:02 advisory. git: arbitrary code execution when recursively cloning a malicious repository CVE-2018-11235 Tenable has extracted the preceding description block directly...
CVE-2025-14237
CVE-2025-14237 is a buffer overflow in the XPS font parsing of Canon Small Office Multifunction Printers and Laser Printers. Affects firmware v06.02 and earlier across multiple Canon lines (Japan/US/Europe). The issue can allow a network attacker to cause a reboot/nonresponsive device or execute ...
CVE-2025-14236
Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 and...
CVE-2025-14233
CVE-2025-14233 is a Canon CPCA file deletion processing issue (invalid free) affecting Canon Small Office Multifunction Printers and Laser Printers, including Satera LBP670C/SMF750C, Color imageCLASS LBP630C/MF650C, imageCLASS LBP230, LBP1238 II, MF450, MF1643 variants, and i-SENSYS/imageRUNNER S...
CVE-2021-47807
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious...
CVE-2021-47805
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated...
CVE-2021-47805 Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated...
CVE-2021-47792 Remote Mouse 4.002 - Unquoted Service Path
Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access...
CVE-2021-47792
Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the RemoteMouseService to inject malicious executables and gain administrative access...
GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write
A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...
CVE-2026-23512
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advanced Options setting. On Windows, this allows...
GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write
A flaw was found in GnuPG. An attacker can provide crafted input to the armorfilter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...
CVE-2025-67078
Cross site scripting XSS vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute arbitrary code via the notify parameter of the file controller used to display errors...
CVE-2021-47819
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
CVE-2021-47775
YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 bytes with SEH manipulation to trigger a...
CVE-2021-47762
HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated...
EUVD-2026-2750
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded...
CVE-2021-47775
CVE-2021-47775 affects YouTube Video Grabber (also called YouTube Downloader) version 1.9.9.1. The issue is a buffer overflow that allows arbitrary code execution by overwriting the Structured Exception Handler (SEH). An attacker can craft a 712-byte payload with SEH manipulation to trigger a bin...
CVE-2021-47775 YouTube Video Grabber 1.9.9.1 - Buffer Overflow (SEH)
YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 bytes with SEH manipulation to trigger a...