1652 matches found
Cisco IOS Software Denial-of-Service Vulnerability
A vulnerability in the Login Enhancements Login Block feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service DoS condition...
Adobe Reader and Acrobat Use-After-Free Vulnerability
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution...
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Format string vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code with elevated privileges o...
Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service DoS...
Cisco IOS Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol SNMP subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a craft...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user...
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
SAP Customer Relationship Management CRM contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users...
Langflow Missing Authentication Vulnerability
Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests...
Microsoft Windows Win32k Use-After-Free Vulnerability
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally...
CyberPanel Incorrect Default Permissions Vulnerability
CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property...
Microsoft SharePoint Deserialization Vulnerability
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution...
SolarWinds Serv-U Path Traversal Vulnerability
SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
Unitronics Vision PLC and HMI Insecure Default Password Vulnerability
Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands...
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server...
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server...
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Windows Graphic Component Privilege Escalation Vulnerability
Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation...
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution...
D-Link DIR-820L Remote Code Execution Vulnerability
D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution...
WebKitGTK Memory Corruption Vulnerability
WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution...
Checkbox Survey Deserialization of Untrusted Data Vulnerability
Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code...
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation...
Debian-specific Redis Server Lua Sandbox Escape Vulnerability
Redis is prone to a Debian-specific Lua sandbox escape, which could result in remote code execution...
ChakraCore Scripting Engine Type Confusion Vulnerability
The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution...
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
There is a buffer overflow vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition or execute arbitrary code...
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
A vulnerability in the Border Gateway Protocol BGP over an Ethernet Virtual Private Network EVPN for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service DoS condition, or potentially corrupt the BGP routing table,...
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 ISR G2 Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service...
Cisco IOS Software Resource Management Errors Vulnerability
A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service DoS condition...
Microsoft SMBv1 Remote Code Execution Vulnerability
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets...
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Cisco IOS XR Distance Vector Multicast Routing Protocol DVMRP incorrectly handles Internet Group Management Protocol IGMP packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash...
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user...
Linux Kernel Out-of-Bounds Access Vulnerability
Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code...
Veeam Backup and Replication Deserialization Vulnerability
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution...
VMware vCenter Server Incorrect Default File Permissions Vulnerability
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...
GNU C Library Buffer Overflow Vulnerability
GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBCTUNABLES environment variable, allowing a local attacker to execute code with elevated privileges...
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...
Samba Remote Code Execution Vulnerability
Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it...
Apache CouchDB Insecure Default Initialization of Resource Vulnerability
Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges...
Microsoft Windows Kernel Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory...
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
A vulnerability in the command-line interface CLI parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service DoS condition or potentially execute code...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution...
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution...
VMware Tanzu Spring Data Commons Property Binder Vulnerability
Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution...
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...
Adobe BlazeDS Information Disclosure Vulnerability
Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure...
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code...
Microsoft PowerPoint Memory Corruption Vulnerability
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted Office document...
Microsoft Windows Installer Privilege Escalation Vulnerability
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation...