Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
Google Chromium V8 Use-After-Free Vulnerability
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge...
ImageMagick Server-Side Request Forgery (SSRF) Vulnerability
ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image...
Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution...
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate...
Microsoft Windows Media Center Remote Code Execution Vulnerability
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code...
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution...
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server improperly validates cmdlet arguments, which allows an attacker to perform remote code execution...
Microsoft Exchange Server Security Feature Bypass Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Office and WordPad Remote Code Execution Vulnerability
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain...
Netis WF2419 Devices Remote Code Execution Vulnerability
Netis WF2419 devices contain an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page...
Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability
Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution...
Oracle WebLogic Server Unspecified Vulnerability
Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability...
Realtek AP-Router SDK Buffer Overflow Vulnerability
Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS)...
Roundcube Webmail File Disclosure Vulnerability
Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default...
SAP Solution Manager Missing Authentication for Critical Function Vulnerability
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager...
SolarWinds Orion Authentication Bypass Vulnerability
SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands...
Symantec Messaging Gateway Remote Code Execution Vulnerability
Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions...
Tenda AC11 Router Stack Buffer Overflow Vulnerability
Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request...
ThinkPHP Remote Code Execution Vulnerability
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=calluserfuncarray&vars0=system&vars1= followed by the command...
Trend Micro Multiple Products Content Validation Escape Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components...
TVT NVMS-1000 Directory Traversal Vulnerability
TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests...
Unraid Remote Code Execution Vulnerability
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access...
VMware Multiple Products Privilege Escalation Vulnerability
VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...
VMware vCenter Server Remote Code Execution Vulnerability
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system...
VMware vCenter Server Improper Input Validation Vulnerability
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution...
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution...
WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro...
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera...
IBM Data Risk Manager Directory Traversal Vulnerability
IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system...
IBM Planning Analytics Remote Code Execution Vulnerability
IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin", and then execute code as root or SYSTEM via TM1 scripting...
Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, an...
Liferay Portal Deserialization of Untrusted Data Vulnerability
Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services...
Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation...
Google Chromium V8 Improper Input Validation Vulnerability
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome,...
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Windows Kernel Privilege Escalation Vulnerability
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution...
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed...
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption...
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user...