1652 matches found
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution...
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System CLFS Driver contains an unspecified vulnerability that allows for privilege escalation...
Google Pixel Out-of-Bounds Write Vulnerability
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege...
Drupal Core Remote Code Execution Vulnerability
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...
Oracle Java SE Integrity Check Vulnerability
Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment...
Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol PN-DCP for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service...
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution...
Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
SAP NetWeaver Missing Authentication for Critical Function Vulnerability
SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users...
Microsoft Exchange Server Security Feature Bypass Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass...
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium,...
GeoVision Devices OS Command Injection Vulnerability
Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs...
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
Oracle Agile Product Lifecycle Management PLM contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system...
Palo Alto Networks Expedition SQL Injection Vulnerability
Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the...
Draytek VigorConnect Path Traversal Vulnerability
Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges...
Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access...
D-Link DIR-859 Router Command Execution Vulnerability
D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local...
MinIO Information Disclosure Vulnerability
MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure...
Apple macOS Use-After-Free Vulnerability
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation...
Veritas Backup Exec Agent Command Execution Vulnerability
Veritas Backup Exec BE Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine...
Linux Kernel Privilege Escalation Vulnerability
The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...
Linux Kernel Privilege Escalation Vulnerability
Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perfsweventenabled array in swperfeventdestroy. Explotation allows for privilege escalation...
dotCMS Unrestricted Upload of File Vulnerability
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution...
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
The Universal 3D U3D component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service DoS...
QNAP Photo Station Path Traversal Vulnerability
QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files...
Microsoft Win32k Privilege Escalation Vulnerability
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service DoS...
Kaseya VSA SQL Injection Vulnerability
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database...
Microsoft Windows Event Tracing Privilege Escalation Vulnerability
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation...
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint...
Elasticsearch Remote Code Execution Vulnerability
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...
Exim Privilege Escalation Vulnerability
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands...
Microsoft Windows Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context...
VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability
VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure...
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution...
Adobe Flash Player Arbitrary Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content...
Zabbix Frontend Authentication Bypass Vulnerability
Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML...
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"...
Apache Struts 1 Improper Input Validation Vulnerability
The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage...
Fortinet FortiOS Arbitrary File Download
Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files...
Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
Arm Mali Graphics Processing Unit GPU kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information...
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function LoadSBitPng when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and...
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution...
Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
Zoho ManageEngine ServiceDesk Plus SDP contains an unspecified vulnerability that allows remote users to upload files via login page customization...
Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database RDB products contain an unspecified vulnerability that allows for remote code execution...
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP NSIP in order to perform exploitation...
Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
Cisco Adaptive Security Appliance ASA contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service DoS condition or information disclosure...
F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability
F5 BIG-IP Traffic Management User Interface TMUI contains a remote code execution vulnerability in undisclosed pages...