1652 matches found
GIGABYTE Multiple Products Privilege Escalation Vulnerability
The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server...
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks...
Oracle JRE Sandbox Bypass Vulnerability
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle allows remote attackers to bypass the Java security sandbox...
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation...
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory...
Apache Airflow Command Injection
A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow...
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...
Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication...
Microsoft Windows CryptoAPI Spoofing Vulnerability
Microsoft Windows CryptoAPI Crypt32.dll contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was fro...
Adobe ColdFusion Unrestricted File Upload Vulnerability
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution...
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products...
D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution...
Apple Multiple Products Memory Initialization Vulnerability
Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory...
Apple macOS Unspecified Vulnerability
Apple macOS Transparency, Consent, and Control TCC contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences...
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device...
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability...
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability...
Drupal Core Remote Code Execution Vulnerability
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise...
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution...
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...
Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Desktop Window Manager DWM Core Library contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution...
Microsoft Netlogon Privilege Escalation Vulnerability
Microsoft's Netlogon Remote Protocol MS-NRPC contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a...
VMware vCenter Server Information Disclosure Vulnerability
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service vmdir when the Platform Services Controller PSC does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive...
Citrix NetScaler Memory Overflow Vulnerability
Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service...
D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability
D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddnsenc.cgi. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
D-Link DIR-859 Router Path Traversal Vulnerability
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...
Srimax Output Messenger Directory Traversal Vulnerability
Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Zimbra Collaboration contains a cross-site scripting XSS vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript...
Adobe ColdFusion Deserialization Vulnerability
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution...
7-Zip Mark of the Web Bypass Vulnerability
7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3...
Nostromo nhttpd Directory Traversal Vulnerability
Nostromo nhttpd contains a directory traversal vulnerability in the httpverify function in a non-chrooted nhttpd server allowing for remote code execution...
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections...
ConnectWise ScreenConnect Authentication Bypass Vulnerability
ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices...
FXC AE1021, AE1021PE OS Command Injection Vulnerability
FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network...
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress...
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064...
Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers...
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations...
Veritas Backup Exec Agent File Access Vulnerability
Veritas Backup Exec BE Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine...
QNAP QTS Improper Input Validation Vulnerability
QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system...
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service DoS...