1652 matches found
SAP NetWeaver XML External Entity (XXE) Vulnerability
SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...
vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. This CVE ID resolves an incomplete patch for CVE-2019-16759...
Apple Multiple Products Type Confusion Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges...
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution...
PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability
PaperCut NG/MF contains a cross-site request forgery CSRF vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code...
Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability
Microsoft Windows New Technology File System NTFS contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally...
Microsoft Windows Storage Link Following Vulnerability
Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable...
Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution...
Android Pixel Information Disclosure Vulnerability
Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices...
Multiple SugarCRM Products Remote Code Execution Vulnerability
Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates...
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario...
TIBCO JasperReports Server Information Disclosure Vulnerability
TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files...
QNAP Photo Station Externally Controlled Reference Vulnerability
Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign...
Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability
The Graphics Device Interface GDI in Microsoft Windows allows local users to gain privileges via a crafted application...
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system...
Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service DoS condition...
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document...
Apple OS X Authentication Bypass Vulnerability
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges...
MikroTik Router OS Directory Traversal Vulnerability
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface...
IBM Planning Analytics Remote Code Execution Vulnerability
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting...
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
Microsoft Windows Error Reporting WER contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode...
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Microsoft Windows Common Log File System CLFS Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges...
Fortinet FortiManager Missing Authentication Vulnerability
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests...
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution...
OSGeo GeoServer GeoTools Eval Injection Vulnerability
OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input...
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges...
Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the P...
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges...
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation...
Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information...
Adobe Flash Player Integer Overflow Vulnerability
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments...
Apple macOS Out-of-Bounds Read Vulnerability
macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory...
Sophos Firewall Authentication Bypass Vulnerability
An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution...
Cisco VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system...
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
A vulnerability in the Virtual Private LAN Service VPLS code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service...
Google Chromium Animation Use-After-Free Vulnerability
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user...
Grandstream Networks UCM6200 Series SQL Injection Vulnerability
Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root...
Oracle WebLogic Server Remote Code Execution Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution...
Apache OFBiz Path Traversal Vulnerability
Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution...
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a cross-site scripting XSS vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment...
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass...
Google Chromium Visuals Use-After-Free Vulnerability
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
Barracuda Networks ESG Appliance Improper Input Validation Vulnerability
Barracuda Email Security Gateway ESG appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...
Linux Kernel Use-After-Free Vulnerability
Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user...
Adobe Acrobat and Reader Unspecified Vulnerability
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times...
Microsoft Internet Explorer Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information...