Mitel MiVoice Connect Code Injection Vulnerability

The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application...

Mitel MiVoice Connect Command Injection Vulnerability

The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system...

Cacti Command Injection Vulnerability

Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code...

Microsoft Windows Graphic Component Privilege Escalation Vulnerability

Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation...

Microsoft Office Publisher Security Feature Bypass Vulnerability

Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system...

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System CLFS driver contains an unspecified vulnerability that allows for privilege escalation...

Apple Multiple Products WebKit Type Confusion Vulnerability

Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely...

Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability

Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service DoS...

Fortra GoAnywhere MFT Remote Code Execution Vulnerability

Fortra formerly, HelpSystems GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object...

TerraMaster OS Remote Command Execution Vulnerability

TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint...

Multiple SugarCRM Products Remote Code Execution Vulnerability

Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates...

Oracle E-Business Suite Unspecified Vulnerability

Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator...

Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability

Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution...

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario...

CWP Control Web Panel OS Command Injection Vulnerability

CWP Control Web Panel formerly CentOS Web Panel contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter...

Microsoft Exchange Server Privilege Escalation Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution...

Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability

Microsoft Windows Advanced Local Procedure Call ALPC contains an unspecified vulnerability that allows for privilege escalation...

TIBCO JasperReports Library Directory Traversal Vulnerability

TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system...

TIBCO JasperReports Server Information Disclosure Vulnerability

TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files...

Apple iOS Type Confusion Vulnerability

Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution...

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

Citrix Application Delivery Controller ADC and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator...

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web MOTW defenses via a specially crafted malicious file...

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests...

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

Google Chromium GPU Heap Buffer Overflow Vulnerability

Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but n...

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product...

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation CNG Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

Microsoft Windows Scripting Languages Remote Code Execution Vulnerability

Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution...

Samsung Mobile Devices Memory Corruption Vulnerability

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369...

Samsung Mobile Devices Improper Access Control Vulnerability

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370...

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft Windows Mark of the Web MOTW contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features...

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges...

Samsung Mobile Devices Improper Access Control Vulnerability

Samsung mobile devices using Mali GPU contains an improper access control vulnerability in seclog file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370...

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...

Apple iOS and iPadOS Out-of-Bounds Write Vulnerability

Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges...

GIGABYTE Multiple Products Code Execution Vulnerability

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges...

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability

Cisco AnyConnect Secure Mobility Client for Windows interprocess communication IPC channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privilege...

GIGABYTE Multiple Products Privilege Escalation Vulnerability

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...

Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and oth...

GIGABYTE Multiple Products Unspecified Vulnerability

The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system...

GIGABYTE Multiple Products Privilege Escalation Vulnerability

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges...

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Synacor Zimbra Collaboration Suite ZCS allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts...

Linux Kernel Privilege Escalation Vulnerability

The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation...

Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability

Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation...

Fortinet Multiple Products Authentication Bypass Vulnerability

Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests...

Atlassian Bitbucket Server and Data Center Command Injection Vulnerability

Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request...

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution...