74766 matches found
CVE-2021-46422
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication...
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2021-45931
HarfBuzz 2.9.0 has an out-of-bounds write in hbbitsetinvertiblet::set called from hbsparsesett::set and hbsetcopy...
CVE-2021-30761
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. Recent assessments: gwillcox-r7...
CVE-2021-3655
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...
CVE-2020-16017
Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Recent assessments: gwillcox-r7 at November 22, 2020 2:37am UTC reported: Reported as...
CVE-2020-5948 — F5 TMUI XSS vulnerability
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2. Undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the...
CVE-2020-13927
The previous default setting for Airflow’s Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...
CVE-2020-7460
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace...
CVE-2020-14295
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. Recent assessments: h00die at May 31, 2021 12:03pm UTC reported: Authenticated user is able to cause a...
CVE-2020-1301 Windows SMB Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests, aka ‘Windows SMB Remote Code Execution Vulnerability’. Recent assessments: gwillcox-r7 at June 10, 2020 12:14am UTC reported: To add to @busterb’s assessment,...
CVE-2020-1054
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-1143. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
CVE-2020-10827
A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Cisco Prime Infrastructure runrshell Local Privilege Escalation Vulnerability
Cisco Prime Infrastructure CPI is a wired and wireless network management software suite that consists of different networking applications from Cisco Systems. The system is used across various industries, from healthcare, manufacturing, government, IT, etc. A vulnerability was found in the...
Atlassian Crowd: pdkinstall development plugin incorrectly enabled (CVE-2019-11580)
Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code...
CVE-2020-0655
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka ‘Remote Desktop Services Remote Code Execution Vulnerability’. Recent assessments: zeroSteiner at May 14, 2020 3:27...
CVE-2019-16928
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in stringvformat in string.c involving a long EHLO command. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value:...
CVE-2019-16920
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a “PingTest” device common gateway interface that could lead to common injection. An attacker who successfully triggers...
CVE-2019-5786
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2018-13383
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...
CVE-2019-7609
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands...
CVE-2018-8581
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka “Microsoft Exchange Server Elevation of Privilege Vulnerability.” This affects Microsoft Exchange Server. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Cisco ASA Directory Traversal
A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...
CVE-2017-12240
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload,...
CVE-2017-6627
A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service DoS condition. The...
CVE-2017-0001
The Graphics Device Interface GDI in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka “Windows GDI...
CVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity XXE attacks via the sap.comtcbpemhimuwlconnproviderweb/bpemuwlconn URI, aka SAP Security Note 2296909. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
CVE-2016-1019
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
UPnP unique_service_name Buffer Overflow
Stack-based buffer overflow in the uniqueservicename function in ssdp/ssdpserver.c in the SSDP parser in the portable SDK for UPnP Devices aka libupnp, formerly the Intel SDK for UPnP devices before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string th...
CVE-2012-1710
Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709. Recent...
CVE-2002-0367
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. Recent assessments:...
CVE-2026-55597
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder. This issue has been fixed in version7.1.2-26...
CVE-2026-55594
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...
CVE-2025-5419
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an ‘@’ character followed by a file path in an argument with the file’s contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system...
CVE-2023-6549
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read...
CVE-2024-0519
Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...
CVE-2023-46407
FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist-alphabetsize variable in the readvlcprefix function...
CVE-2023-36563
Microsoft WordPad Information Disclosure Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-4911
A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...
CVE-2023-26369
Acrobat Reader versions 23.003.20284 and earlier, 20.005.30516 and earlier and 20.005.30514 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th...
CVE-2023-29300
Adobe ColdFusion versions 2018u16 and earlier, 2021u6 and earlier and 2023.0.0.330468 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Recent assessments:...
CVE-2023-32435
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have...
CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability Recent assessments: cbeek-r7 at January 17, 2024 10:31am UTC reported: CVE-2023-29357 is a critical vulnerability in Microsoft SharePoint Server, classified as an Elevation of Privilege EoP flaw. . This vulnerability allows attacker...
CVE-2021-44168
A download of code without integrity check vulnerability in the “execute restore src-vis” command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. Recent assessments: Assessed Attacker Value: 0 Assess...
CVE-2021-38152
CVE-mitre:index.php/appointment/insertpatientaddappointment in Chikitsa Patient Management System 2.0.0 allows XSS. nu11secur1ty: XSS-Stored - Brutal PWNED on Chikitsa 2.0.0 parameter "name" + User: Unrestricted File Upload ".php"...
CVE-2021-22899
A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code execution via Windows Resource Profiles Feature Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-1905
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Recent...
CVE-2020-5929
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous ADH or Ephemeral DHE Diffie-Hellman key exchange and Single DH use option not enable...