59898 matches found
CVE-2023-6549
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read...
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...
CVE-2023-35081
A path traversal vulnerability in Ivanti EPMM versions 11.10.x 11.10.0.3, 11.9.x 11.9.1.2 and 11.8.x 11.8.1.2 allows an authenticated administrator to write arbitrary files onto the appliance. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability Recent assessments: cbeek-r7 at January 17, 2024 10:31am UTC reported: CVE-2023-29357 is a critical vulnerability in Microsoft SharePoint Server, classified as an Elevation of Privilege EoP flaw. . This vulnerability allows attacker...
CVE-2023-27524
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRETKEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset...
CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD, resulting in information disclosure. All users of...
CVE-2022-24706
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this...
CVE-2021-1905
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Recent...
CVE-2020-13927
The previous default setting for Airflow’s Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...
CVE-2020-5929
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous ADH or Ephemeral DHE Diffie-Hellman key exchange and Single DH use option not enable...
CVE-2020-13668
Drupal 8 and 9 have a reflected cross-site scripting XSS vulnerability under certain circumstances. An attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. Recent assessments: wvu-r7 at September 17, 2020 4:03pm UTC reported: This is...
CVE-2020-16152
The Aerohive/Extreme Networks HiveOS administrative webinterface NetConfig is vulnerable to LFI because it uses an old version of PHP vulnerable to string truncation attacks. An attacker is able to use this in conjunction with log poisoning to gain root rights on a vulnerable access point. Recent...
CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication
When Security Assertion Markup Language SAML authentication is enabled and the ‘Validate Identity Provider Certificate’ option is disabled unchecked, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources...
CVE-2020-1054
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1143. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
CVE-2020-12641
rcubeimage.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1. Recent assessments: gwillcox-r7 a...
CVE-2019-19193
The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers i...
CVE-2019-16920
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a “PingTest” device common gateway interface that could lead to common injection. An attacker who successfully triggers...
CVE-2019-16759
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2019-0880
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka ‘Microsoft splwow64 Elevation of Privilege Vulnerability’. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2019-7609
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...
CVE-2018-6065
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed...
CVE-2018-8581
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka “Microsoft Exchange Server Elevation of Privilege Vulnerability.” This affects Microsoft Exchange Server. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. Recent assessment...
CVE-2017-16651
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host’s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid...
Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the “ImageIO” component. It allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2017-0145
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka...
CVE-2015-0016
Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...
CVE-2014-2120
Cross-site scripting XSS vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance ASA Software allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun19025. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Recent assessments: cbeek-r7 at January 11, 2024 10:43am UTC reported: CVE-2023-46805 is an...
CVE-2022-48618
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been...
CVE-2023-4762
Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2022-41223
The Director database component of MiVoice Connect through 19.3 22.22.6100.0 could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restrictions on the database data type. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value...
CVE-2022-32893
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have...
CVE-2022-20821
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attack...
CVE-2022-24976
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence...
CVE-2021-41357
Win32k Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-38633
Windows Common Log File System Driver Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-3493
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow...
CVE-2020-36193
Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-17136
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2020-17103, CVE-2020-17134. Recent assessments: gwillcox-r7 at December 15, 2020 7:34pm UTC reported: A nice little LPE technique which takes advantage of several issues as originally noted ...
CVE-2020-28949
ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite files can still succeed. Recent assessments: gwillcox-r7 at January 15, 2021 8:42pm UTC reported: Original advisory and PoC can be found at...
CVE-2020-17463
FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-12695 "CallStranger"
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. Recent assessments: kevthehermit at June 0...
CVE-2020-3161
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service DoS condition. The vulnerability is due to a lack of proper input validation of HT...
Installing a malicious gem may lead to arbitrary code execution
An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensureloadablespec during the preinstall check. Recent...
CVE-2020-0069
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2020-10220
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. Recent assessments: theguly at March 12, 2020 3:39pm UTC reported: i love these type of vulnerabilities because they chain three findings normally...
CVE-2020-6842
D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. Recent assessments: kevthehermit at February 22, 2020 11:00pm UTC reported: This analysis is a transcript of a public gist – Original...