Lucene search
K

170 matches found

Vulnrichment
Vulnrichment
added 2024/03/12 7:21 a.m.14 views

CVE-2024-24964

Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows clie...

6.9AI score0.00408EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.8 views

PT-2024-20679 · Unknown · Skysea Client View

Name of the Vulnerable Software and Affected Versions: SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2 Description: An improper access control issue exists in the resident process of SKYSEA Client View. This issue can be exploited to execute an arbitrary process with SYSTEM privileg...

6.3CVSS6.8AI score0.00408EPSS
Exploits0References7
Fedora
Fedora
added 2024/03/07 10:32 p.m.21 views

[SECURITY] Fedora 40 Update: apache-commons-exec-1.3-31.fc40

Commons Exec is a library for dealing with external process execution and environment management in Java...

8.8CVSS7AI score0.02578EPSS
Exploits3
Zero Day Initiative
Zero Day Initiative
added 2023/11/15 12:0 a.m.14 views

Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS7.2AI score0.04907EPSS
Exploits0References1
NVD
NVD
added 2023/10/19 6:15 p.m.22 views

CVE-2023-5059

Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

7.8CVSS7.8AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2023/08/08 10:15 a.m.27 views

CVE-2023-39188

A vulnerability has been identified in Solid Edge SE2023 All versions V223.0 Update 7. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the curre...

7.8CVSS7.6AI score0.00207EPSS
Exploits0References1
NVD
NVD
added 2023/04/20 7:15 p.m.22 views

CVE-2023-23579

Datakit CrossCadWarex64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process...

7.8CVSS7.8AI score0.00235EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/03/15 12:0 a.m.36 views

Unity Technologies Unity Editor FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unity Technologies Unity Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

7.8CVSS5.4AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:26 a.m.4 views

SUSE CVE-2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

2.1CVSS6.8AI score0.00469EPSS
Exploits0References5
OSV
OSV
added 2022/11/02 4:15 p.m.4 views

UBUNTU-CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

7.5CVSS6.6AI score0.00778EPSS
Exploits0References5
Prion
Prion
added 2022/10/31 8:15 p.m.21 views

Remote code execution

The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...

7.5CVSS9.6AI score0.01242EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/26 1:25 p.m.39 views

CVE-2022-39243 NuProcess vulnerable to command-line injection through insertion of NUL character(s)

NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's JavajavalangUNIXProcessforkAndExec method 1.2.0+, attackers can use NUL characters in their strings to perform command line injection. Java's...

8.4CVSS9.5AI score0.01177EPSS
Exploits1References5
OSV
OSV
added 2022/08/29 5:15 a.m.4 views

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

9.8CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/29 5:0 a.m.5 views

CVE-2022-21165

All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the childprocess.exec function...

9.8CVSS7.3AI score0.02991EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.12 views

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to inadequate access control mechanisms. This allows a malicious individual to complete any process within the system.

The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to complete any process within the system remotely...

6.8CVSS5.6AI score0.00741EPSS
Exploits0References3Affected Software1
Microsoft Secure
Microsoft Secure
added 2022/06/30 1:30 p.m.26 views

Using process creation properties to catch evasion techniques

We developed a robust detection method in Microsoft Defender for Endpoint that can catch known and unknown variations of a process execution class used by attackers to evade detection. This class of stealthy execution techniques breaks some assumptions made by security products and enables...

Exploits0
NVD
NVD
added 2022/01/25 11:15 p.m.21 views

CVE-2021-36347

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating...

9CVSS0.02397EPSS
Exploits0References1
Prion
Prion
added 2022/01/25 11:15 p.m.22 views

Stack overflow

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating...

9CVSS7.2AI score0.02397EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/01/25 10:15 p.m.21 views

CVE-2021-36347

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating...

6.2CVSS7.4AI score0.02397EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.30 views

Dell EMC iDRAC Denial of Service Vulnerability

Dell EMC iDRAC is an American Dell Dell hardware located on the server motherboard. It is used by system administrators to update and manage Dell systems. A denial of service vulnerability exists in the Dell EMC iDRAC, which arises from a failure to properly handle incoming error messages, and ca...

5.3CVSS5.9AI score0.04181EPSS
Exploits0References1
Rows per page
Query Builder