Oracle Java SE Unspecified Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
Oracle Java SE Sandbox Bypass Vulnerability
The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
Microsoft Word Remote Code Execution Vulnerability
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data...
Oracle Fusion Middleware Unspecified Vulnerability
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors...
SonicWall SMA100 Directory Traversal Vulnerability
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...
Microsoft Windows Privilege Escalation Vulnerability
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application...
Microsoft Internet Explorer Information Disclosure Vulnerability
Microsoft Internet Explorer allows remote attackers to obtain sensitive information from process memory via a crafted web site...
Microsoft Windows Kernel Privilege Escalation Vulnerability
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application...
Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts...
Microsoft Internet Explorer Memory Corruption Vulnerability
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site...
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code...
Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site...
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature...
MiCollab, MiVoice Business Express Access Control Vulnerability
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system...
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Spring Cloud Config, by VMware Tanzu, contains a path traversal vulnerability that allows applications to serve arbitrary configuration files...
D-Link Multiple Routers Command Injection Vulnerability
Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise...
Citrix SD-WAN and NetScaler Command Injection Vulnerability
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance...
Apache Tomcat Remote Code Execution Vulnerability
When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
Apache Tomcat on Windows Remote Code Execution Vulnerability
When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server...
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...
Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service...
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution...
Elasticsearch Remote Code Execution Vulnerability
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...
D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML...
HP Multiple Products Remote Code Execution Vulnerability
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet...
Exim Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session...
Adobe ColdFusion Directory Traversal Vulnerability
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files...
phpMyAdmin Remote Code Execution Vulnerability
The setup script used to generate the configuration can be fooled using a crafted POST request to include arbitrary PHP code in the generated configuration file...
HP OpenView Network Node Manager Remote Code Execution Vulnerability
HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system...
Sitecore XP Remote Command Execution Vulnerability
Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution...
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code...
QNAP Helpdesk Improper Access Control Vulnerability
QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information...
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication...
Citrix SD-WAN and NetScaler SQL Injection Vulnerability
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection...
Jenkins Matrix Project Plugin Remote Code Execution Vulnerability
Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, creating an opportunity to perform remote code execution...
Microsoft GDI Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system...
Microsoft Windows Shell Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths...
Microsoft Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer...
VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability
VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution...
Cisco Secure Access Control System Java Deserialization Vulnerability
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software...
Citrix Multiple Products Remote Code Execution Vulnerability
A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability al...
Microsoft Windows SMB Remote Code Execution Vulnerability
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution...
Adobe Flash Player Remote Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows for remote code execution...
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files...
Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files...
Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site...
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request...
Apache Struts Improper Input Validation Vulnerability
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions...
Exim Privilege Escalation Vulnerability
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands...
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS)...