1649 matches found
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability
Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target...
Microsoft Outlook Security Feature Bypass Vulnerability
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code...
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data...
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation...
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges...
DotNetNuke (DNN) Remote Code Execution Vulnerability
DotNetNuke DNN contains a vulnerability that may allow for remote code execution via cookie deserialization...
Microsoft Internet Explorer Use-After-Free Vulnerability
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life EoL and/or end-of-service EoS. Users should discontinue product...
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges...
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges...
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions...
Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk...
Microsoft Office Memory Corruption Vulnerability
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802...
Oracle Fusion Middleware Unspecified Vulnerability
Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems...
ownCloud graphapi Information Disclosure Vulnerability
ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo via GetPhpInfo.php, including administrative credentials...
Dasan GPON Routers Command Injection Vulnerability
Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution...
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Ivanti Endpoint Manager Mobile EPMM and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application...
Microsoft Skype for Business Privilege Escalation Vulnerability
Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation...
Veeam Backup & Replication Remote Code Execution Vulnerability
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...
Microsoft Windows CSRSS Security Feature Bypass Vulnerability
The Client-Server Run-time Subsystem CSRSS in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application...
Microsoft Windows Media Center Remote Code Execution Vulnerability
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link .mcl file that references malicious code...
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Common Log File System CLFS driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges...
Microsoft Word Information Disclosure Vulnerability
Microsoft Word contains an unspecified vulnerability that allows for information disclosure...
Linux Kernel Privilege Escalation Vulnerability
Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."...
HP OpenView Network Node Manager Remote Code Execution Vulnerability
HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system...
VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process...
Microsoft WordPad Information Disclosure Vulnerability
Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure...
Microsoft Silverlight Runtime Remote Code Execution Vulnerability
Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service DoS...
Microsoft Office Use-After-Free Vulnerability
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution...
Microsoft Office Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands...
VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
VMware ESXi and Workstation contain a time-of-check time-of-use TOCTOU race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process...
Paessler PRTG Network Monitor OS Command Injection Vulnerability
Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console...
Google Chromium GPU Heap Buffer Overflow Vulnerability
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but n...
Microsoft XML Core Services Information Disclosure Vulnerability
Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...
Google Skia Integer Overflow Vulnerability
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other produc...
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 IKEv1 security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 IKEv1 that could allow an attacker ...
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution...
Sophos Firewall Code Injection Vulnerability
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution...
Microsoft Windows Privilege Escalation Vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call ALPC...
Microsoft Excel Featheader Record Memory Corruption Vulnerability
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset...
Microsoft Windows Remote Code Execution Vulnerability
Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page...
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not...
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally...
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass...
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which...