75202 matches found
CVE-2020-35730
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkrefaddindex in rcubestringreplacer.php. Recent assessments: Assess...
CVE-2020-15900
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The ‘rsearch’ calculation for the ‘post’ size resulted in a size that was too large, and could underflow to max uint32t. This was fixed...
CVE-2017-16238
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2020-10263 - Smart Speaker Root Shell via internal UART
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can i read Wi-Fi SSID or password, ii read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, iii use Text-To-Speech tools pretend...
CVE-2020-9442
OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there. Recent assessments: wolfthefallen at February 28, 2020 10:58pm UTC reported: Research of...
Easy Adress Book Web Server Buffer Overflow
Easy Adress Book Web Server suffers from a vulnerability while processing a user-supplied cookie, specifically the UserID parameter, which allows the attacker to cause a buffer overflow and result a crash or gain arbitrary code execution under the context of the user. This was originally discover...
CVE-2020-0662
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka ‘Windows Remote Code Execution Vulnerability’. Recent assessments: zeroSteiner at March 17, 2020 8:31pm UTC reported: Analysis performed using ipnathlp.dll from Windows Server 2019 x64 sha256:...
CVE-2019-17520
The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service crash via crafted packets. Recent assessments: pbarry-r7 at Apr...
CVE-2020-3120 (AKA: CDPwn)
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service DoS condition. The vulnerability is d...
CVE-2019-5183
An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted...
CVE-2020-3941
The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11. Recen...
CVE-2019-8506
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. Recent assessments: Assess...
Kubectl/API Server YAML parsing vulnerable to "Billion Laughs" Attack
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
CVE-2019-1214
An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory, aka ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value:...
CVE-2018-7841
A SQL Injection CWE-89 vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
Oracle Application Testing Suite DownloadServlet Directory Traversal Remote Code Execution
Oracle Application Testing Suite versions 13.3.0.1 and prior are vulnerable to a directory traversal attack. An attacker could leverage this to steal sensitive credentials, decrypt them, gain privileges, and get remote code execution. Recent assessments: wchen-r7 at May 09, 2019 5:57pm UTC...
CVE-2018-4344
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
VMWare Fusion APIs available without auth via web socket (CVE-2019-5514)
VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is...
CVE-2018-8390
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359,...
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core – Highly critical –...
CVE-2013-3018
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager TADDM 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354. Recent assessment...
CVE-2018-6530
OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...
LabF nfsAxe FTP Client 3.7 Stack Buffer Overflow
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC reported: This is plibfree3 0:001 g Destination buffer for WS232!recv is at: 0x0233f4f4 Now we have located the...
CVE-2017-15944
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...
CVE-2016-8562
A vulnerability has been identified in SIMATIC CP 1543-1 All versions V2.0.28, SIPLUS NET CP 1543-1 All versions V2.0.28. Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these...
CVE-2016-1646
The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...
MS15-134 Microsoft Office COM Object DLL Planting with els.dll
While loading an embedded object in Microsoft Word or other Microsoft Office products, it is possible to load a Classic Event Viewer Extension, which causes a LoadLibraryW call that attempts to load elsext.dll from the same directory as the Office document. From an untrusted remote share such as...
CVE-2015-2425
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-2383 and CVE-2015-2384. Recent assessments:...
CVE-2015-3113
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. Recent assessments:...
CVE-2014-3977
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. Recent assessments: timb-machine at March 05, 2021 12:41am UTC reported:...
CVE-2012-2034
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute...
CVE-2011-4723
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2011-0611
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll aka AuthPlayLib.bundle in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x...
CVE-2011-0609
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll aka AuthPlayLib.bundle in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windo...
CVE-2010-2572
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka “PowerPoint Parsing Buffer Overflow Vulnerability.” Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...
CVE-2009-3129
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows...
CVE-2004-1464
Cisco IOS 12.215 and earlier allows remote attackers to cause a denial of service refused VTY virtual terminal connections, via a crafted TCP connection to the Telnet or reverse Telnet port. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2026-13455
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...
CVE-2026-11621
A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...
CVE-2026-46211
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msmioctlgeminfogetmetadata msmioctlgeminfogetmetadata always returns 0 regardless of errors. When copytouser fails or the user buffer is too small, the error code stored in ret is ignored becaus...
CVE-2026-46195
In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...
CVE-2026-2237
A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local users on Windows to obtain sensitive information...
CVE-2026-44371
Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2...
CVE-2025-24993
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2025-26633
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. Recent assessments: cbeek-r7 at March 26, 2025 11:31am UTC reported: CVE-2025-26633, nicknamed “MSC EvilTwin”, is a security feature bypass vulnerability in Microsoft...
CVE-2024-9537
ScienceLogic SL1 formerly EM7 is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines...
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. Recent assessments: Assessed Attacker Value: 0 Assessed Attacke...
CVE-2023-42824
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. Recent assessments:...
CVE-2023-41104
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL Varnish Configuration...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroupsjava.lang.String...