1642 matches found
Apple Multiple Products Use-After-Free WebKit Vulnerability
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple...
Array Networks ArrayOS AG OS Command Injection Vulnerability
Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands...
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code...
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms...
Microsoft Windows Out-of-Bounds Write Vulnerability
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code...
Libraesva Email Security Gateway Command Injection Vulnerability
Libraesva Email Security Gateway ESG contains a command injection vulnerability which allows command injection via a compressed e-mail attachment...
Rails Ruby on Rails Path Traversal Vulnerability
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents...
Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability
Multi-Router Looking Glass MRLG contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption...
Craft CMS Code Injection Vulnerability
Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has registerargcargv enabled...
SaltStack Salt Shell Injection Vulnerability
SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API...
Unraid Authentication Bypass Vulnerability
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution...
EyesOfNetwork Improper Privilege Management Vulnerability
EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine NSE script to nmap7...
Trend Micro OfficeScan Directory Traversal Vulnerability
Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution...
Trend Micro Multiple Products Improper Access Control Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privileg...
Lantronix EDS5000 Code Injection Vulnerability
Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges...
Drupal Core SQL Injection Vulnerability
Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API...
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users shoul...
SimpleHelp Path Traversal Vulnerability
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file i.e. zip slip. This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Ivanti Endpoint Manager Mobile EPMM contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution...
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Ivanti Endpoint Manager EPM contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data...
SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability
SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution...
Sangoma FreePBX OS Command Injection Vulnerability
Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection - checksshconnect function. An attacker can leverage this vulnerability to potentially obtain remote...
Gogs Path Traversal Vulnerability
Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution...
RARLAB WinRAR Path Traversal Vulnerability
RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user...
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager...
Apple Multiple Products Unspecified Vulnerability
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects...
Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability
Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects...
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code...
Microsoft Internet Explorer Resource Management Errors Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability
D-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product utilization...
SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability
SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains a server-side request forgery SSRF vulnerability via the ProxyServlet component...
Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome...
Sophos XG Firewall Buffer Overflow Vulnerability
Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature...
Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
Balbooa Forms contains an unrestricted upload of file with dangerous type vulnerability that allows an unauthenticated arbitrary file upload which could allow uploading of executable files leading to full RCE...
Ubiquiti UniFi OS Path Traversal Vulnerability
Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account...
Ubiquiti UniFi OS Improper Input Validation Vulnerability
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection...
Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system...
Microsoft Defender Link Following Vulnerability
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally...
Microsoft Windows Protection Mechanism Failure Vulnerability
Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network...
SimpleHelp Missing Authorization Vulnerability
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Quest KACE Systems Management Appliance SMA contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials...
Microsoft Windows Link Following Vulnerability
Microsoft Windows contains a link following vulnerability that allows for privilege escalation...
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution...
Apple Multiple Products Buffer Overflow Vulnerability
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption...
Craft CMS Code Injection Vulnerability
Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code...
Omnissa Workspace ONE Server-Side Request Forgery
Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery SSRF vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information...
RoundCube Webmail Cross-site Scripting Vulnerability
RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document...