74386 matches found
CVE-2024-23917
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-41060
A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...
CVE-2022-22620
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 v. 16612.4.9.1.8 and 15612.4.9.1.8. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a...
CVE-2015-4335 — Redis EVAL Lua Sandbox Escape
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Recent assessments: hrbrmstr at June 08, 2020 6:38pm UTC reported: Ben Murphy’s dissection — — is pretty thorough. Assessed Attacker Value: 5 Assessed Attacker Value: 5Assessed...
CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Recent assessments: remmons-r7 at May 30...
CVE-2021-1498
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Recent...
CVE-2020-3580
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...
CVE-2020-3843
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4.7, watchOS 5.3.7. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assesse...
CVE-2023-42820
JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affect. Users not using local...
CVE-2024-55956
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. Recent assessments: sfewer-r7 at December 16...
CVE-2020-16846 — SaltStack Unauthenticated Shell Injection
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Recent assessments: ccondon-r7 at October 14, 2021 2:31pm UTC reported: Being exploited in the wild as of April 2021. Juniper Networks...
CVE-2020-6418
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: J3rryBl4nks at March 04, 2020 4:42pm UTC reported: You would have to chain this vulnerability with a working sandbox escape in...
CVE-2020-3118 (AKA: CDPwn)
A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability is due to improper validation of string input from certain fields in Cisc...
Adobe Flash ByteArray Use-After-Free
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2025-27533
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excessive memory allocation and be exploited to cause a denial of service DoS by depleting process memor...
CVE-2023-0129
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. Chromium security severity: High Recent assessments:...
CVE-2022-2003
AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...
CVE-2020-9496
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 Recent assessments: wvu-r7 at August 13, 2020 8:00pm UTC reported: Pre-auth RCE in ERP software that’s free and isn’t SAP? Sweet. And it’s a long-standing Apache project that’s often...
CVE-2019-9810
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox 66.0.1, Firefox ESR 60.6.1, and Thunderbird 60.6.1. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...
CVE-2010-2568
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted 1 .LNK or 2 .PIF shortcut file, which is not properly handled during icon display in Windows Explorer...
CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2022-41125
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2020-2551
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps...
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Recent assessments: ccondon-r7 at November 08, 2021 3:18pm UTC reported: Rapid7’s services teams are observing opportunistic exploitation of this...
CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of filegetcontents and fileputcontents. This is exploitable on sites using debug mode with Laravel before 8.4.2. Recent assessments: ccondon-r7...
CVE-2020-11966
In IQrouter through 3.3.1, the Lua function resetpassword in the web-panel allows remote attackers to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a...
CVE-2016-2115
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacnnp, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream. Recent assessments: Assessed Attacker Value: 0...
CVE-2013-3051
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local...
CVE-2022-34151
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac...
CVE-2022-30525
A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100W firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1,...
eLearning V2(by: oretnom23) is vulnerable from remote SQL-Injection-Bypass-Authentication
Description: The eLearning V2by: oretnom23 is vulnerable from remote SQL-Injection-Bypass-Authentication in 3 accounts of the system admin, Faculty & Student in app /elearning/classes/Login.php. remote SQL-Injection-Bypass-Authentication: . The parameter username, facultyid, and studentid from th...
CVE-2020-10189
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets. Recent assessments: J3rryBl4nks at March 13, 2020 9:41pm...
CVE-2019-11510
In Pulse Secure Pulse Connect Secure PCS 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability . Recent assessments: dmelcher5151 at April 15, 2020 4:11pm UTC reported...
CVE-2017-18370
The ZyXEL P660HN-T1A v2 TCLinux Fw 7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp page and can be exploited through the ServerIP...
CVE-2023-47784
Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through 6.6.15. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2023-6209
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal “/../” part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...
CVE-2023-21768
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability...
CVE-2022-21969
Microsoft Exchange Server Remote Code Execution Vulnerability...
CVE-2017-5698
Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user...
CVE-2023-32784
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system. The...
CVE-2015-5119
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 AS3 implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2019-12256 - VxWorks IPv4 Options Buffer Overflow
This vulnerability can be triggered by a specially crafted IP packet sent to the target device, even as a broadcast or multicast packet. It does not require any specific application or configuration to be running on the device, and it affects any device running VxWorks v6.9.4 or above with a...
CVE-2021-35247
Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized. SolarWinds has updated the input mechanism to perform additional validation and sanitization. Please Note: No downstream affect has been detected as the LDAP servers ignored improper...
CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
CVE-2021-35064
KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg...
CVE-2023-38035
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. Recent assessments: jheysel-r7 at...
CVE-2023-33137
Microsoft Excel Remote Code Execution Vulnerability Recent assessments: nu11secur1ty at June 27, 2023 9:52am UTC reported: CVE-2023-33137 Vendor Software Description: This exploit is connected with third part exploit server, which waits for the victim to call him and execute the content from him...
CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End o...