Lucene search
K

217 matches found

Cvelist
Cvelist
added 2025/08/04 12:0 a.m.9 views

CVE-2025-53395

Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx...

7.7CVSS0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/04 12:0 a.m.4 views

CVE-2025-53394

Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in the same directory. When a user with administrative privileges opens the crafted backup file and...

7.7CVSS7AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/04 12:0 a.m.3 views

Paramount Macrium Reflect 安全漏洞

Paramount Macrium Reflect is an image-based backup and recovery software from Paramount UK. A security vulnerability exists in Paramount Macrium Reflect version 2025-06-26 and earlier, which stems from an insecure DLL search path that could lead to the execution of arbitrary code with administrat...

7.7CVSS7.1AI score0.00165EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.10 views

PT-2025-31853 · Macrium · Macrium Reflect

Name of the Vulnerable Software and Affected Versions: Macrium Reflect versions through 2025-06-26 Description: Macrium Reflect allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file. The attack involves placing a renamed executable in...

7.7CVSS6.9AI score0.00165EPSS
Exploits0References6
CVE
CVE
added 2025/08/04 12:0 a.m.21 views

CVE-2025-53395

CVE-2025-53395 / CVE-2025-53394 describe local code execution in Paramount Macrium Reflect prior to 2025-06-26, caused by untrusted DLL search path behavior in ReflectMonitor.exe when mounting crafted backup files (e.g., .mrimgx) and a malicious DLL (VSSSvr.dll) placed in the same directory, or b...

7.7CVSS7.2AI score0.00165EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/07/07 8:13 a.m.6 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 7:29 a.m.5 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 7:20 a.m.4 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 2:49 a.m.8 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 2:46 a.m.4 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 2:31 a.m.3 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 2:31 a.m.4 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 1:26 a.m.9 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/07/07 1:25 a.m.4 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate...

7.8CVSS6AI score0.00279EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:10 a.m.5 views

CVE-2024-55511

A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted executable...

7.8CVSS6.6AI score0.00299EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.10 views

CVE-2021-37468

NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files...

3.3CVSS6.4AI score0.00247EPSS
Exploits1References1
OSV
OSV
added 2025/05/06 12:30 p.m.2 views

GHSA-53WX-PR6Q-M3J5 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

7.1CVSS7.4AI score0.01446EPSS
Exploits0References5
OSV
OSV
added 2025/05/06 10:15 a.m.4 views

CVE-2025-46762

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

8.1CVSS6.1AI score0.01446EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/05/06 10:15 a.m.2 views

CVE-2025-46762

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

8.1CVSS6.1AI score0.01446EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/01 9:30 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data during schema parsing. An attacker can execute arbitrary code by passing in malicious classes as ReflectData or SpecificData inputs to the schema parser. Details Serialization is a process of converting...

10CVSS7.8AI score0.38701EPSS
Exploits9References2
Rows per page
Query Builder