CVE-2023-44424

CVE-2023-44424 affects D-Link DIR-X3260 routers. A flaw in prog.cgi handling HNAP requests on the lighttpd web server (ports 80/443) allows command injection via an unsafely used user-supplied string, enabling code execution as root. Attack path requires network adjacency and bypasses authenticat...

CVE-2023-40474

GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

CVE-2023-37342

CVE-2023-37342 affects Kofax Power PDF. The flaw is a heap-based buffer overflow in PNG file parsing due to insufficient validation of user-supplied data length, enabling remote code execution when a user opens a malicious PNG or visits a crafted page. The issue impacts parsing logic in Power PDF...

CVE-2023-35755 D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Date-Time Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

CVE-2023-35751

Affected product: D-Link DAP-2622 (DDP service). Vulnerability: Stack-based buffer overflow caused by improper validation of the length of user-supplied data prior to copying it into a fixed-length stack buffer, leading to remote code execution in the context of root. Impact/conditions: Remote co...

CVE-2024-27338

Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...

CVE-2024-30362

Foxit PDF Editor/Reader (Windows; Mac notes appear in related Nessus/OpenVAS listings) is affected by a Use-After-Free vulnerability in object handling within PDF processing (AcroForm, Doc objects). The flaw stems from not validating the existence of an object before performing operations on it, ...

Microsoft Excel SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...

Command injection

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Schneider Electric IGSS Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP traffic by the dc.exe process. The issue results from the...

CVE-2020-17413

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

PT-2020-4282 · Microsoft · Office Word

Name of the Vulnerable Software and Affected Versions: Microsoft Word affected versions not specified Description: A security feature bypass issue exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the issue could use a specially...

Deserialization of untrusted data

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Senstar Symphony 7.3.2.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSOAuth process. The issue results from the lack of proper...

CVE-2020-17394

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists...

Parallels Desktop Information Disclosure Vulnerability (CNVD-2020-46855)

Parallels Desktop is a virtual machine software that runs on Mac computers. An information disclosure vulnerability exists in prlhypervisor kext in versions prior to Parallels Desktop 15.1.4 47270. The vulnerability stems from a lack of proper validation of user-supplied data. An attacker could...

Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46344)

Marvell QConvergeConsole QCC is a unified adapter management software across data centers from Marvell. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the saveAsText method of the...

Arbitrary Code Execution

hylafaxplus is vulnerable to arbitrary code execution. The vulnerability exists as HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users e.g., locations under /var/spool/hylafax that are writable by the uucp account. This...

Stack overflow

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...