1652 matches found
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...
Hikvision Multiple Products Improper Authentication Vulnerability
Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information...
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation...
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication...
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted products could be end-of-life EoL and/or end-of-servic...
D-Link DIR-859 Router Path Traversal Vulnerability
D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling...
Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution RCE. By exploiting a flaw in how SSH protocol...
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability
MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...
Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...
Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization...
Trimble Cityworks Deserialization Vulnerability
Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3...
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators...
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution...
Adobe Acrobat and Reader Use-After-Free Vulnerability
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user...
D-Link DWL-2600AP Access Point Command Injection Vulnerability
D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=configsave configBackup or downloadServerip parameter...
Samsung Mobile Devices Improper Boundary Check Vulnerability
Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access...
Veritas Backup Exec Agent Improper Authentication Vulnerability
Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...
Teclib GLPI Remote Code Execution Vulnerability
Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed...
Samsung Mobile Devices Memory Corruption Vulnerability
Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...
Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability
Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files improper input validation resulting in an out-of-bounds write that allows for code execution...
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service RDoS attacks...
Microsoft Windows Runtime Remote Code Execution Vulnerability
Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution...
Apple iOS and iPadOS Buffer Overflow Vulnerability
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges...
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D U3D support that could lead to remote code execution...
Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code...
Microsoft Internet Explorer Privilege Escalation Vulnerability
Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site...
Microsoft Silverlight Information Disclosure Vulnerability
Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application...
Microsoft Internet Explorer Information Disclosure Vulnerability
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
Crestron Multiple Products Command Injection Vulnerability
Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
Adobe Flash Player Remote Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code...
WatchGuard Firebox and XTM Privilege Escalation Vulnerability
WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access...
Adobe Flash Player Memory Corruption Vulnerability
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service DoS...
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection...
Cisco VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system...
phpMyAdmin Remote Code Execution Vulnerability
Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file...
QNAP Helpdesk Improper Access Control Vulnerability
QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information...
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication...
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context...
Microsoft Win32k Privilege Escalation Vulnerability
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory...
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload...
Linux Kernel Race Condition Vulnerability
Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges...
Adobe Flash Player Memory Corruption Vulnerability
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution...
Microsoft Windows SAM Local Privilege Escalation Vulnerability
If a Volume Shadow Copy VSS shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level...
SolarWinds Serv-U Improper Input Validation Vulnerability
SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization...
Nagios XI OS Command Injection
Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server...
Oracle Business Intelligence Enterprise Edition Path Transversal
Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file...