
1634 matches found

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 33 views

Android Kernel Use-After-Free Vulnerability

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."...

CVSS 7.8 • AI score 7.2 • EPSS 0.72105 • Exploits 26

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 30 views

Android Kernel Out-of-Bounds Write Vulnerability

Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."...

CVSS 7.8 • AI score 7.1 • EPSS 0.03246 • Exploits 6

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 52 views

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for...

CVSS 9.8 • AI score 9.4 • EPSS 0.99992 • Exploits 173

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 19 views

Apple iOS, iPadOS, macOS Use-After-Free Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on...

CVSS 8.8 • AI score 8.7 • EPSS 0.13486 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 34 views

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted font...

CVSS 7.8 • AI score 8 • EPSS 0.22178 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 45 views

Apple Multiple Products Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges...

CVSS 9.3 • AI score 7.5 • EPSS 0.10337 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 21 views

Apple Multiple Products Race Condition Vulnerability

Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges...

CVSS 7 • AI score 7.8 • EPSS 0.02222 • Exploits 1

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 19 views

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing...

CVSS 9.8 • AI score 9.2 • EPSS 0.07921 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 17 views

Apple macOS Unspecified Vulnerability

Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks...

CVSS 5.5 • AI score 5.7 • EPSS 0.68531 • Exploits 5

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 21 views

Apple iOS WebKit Memory Corruption Vulnerability

Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML...

CVSS 8.8 • AI score 9.3 • EPSS 0.10591 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 24 views

Apple iOS, iPadOS, and macOS Type Confusion Vulnerability

Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges...

CVSS 9.3 • AI score 7.8 • EPSS 0.0415 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 22 views

Arm Trusted Firmware Out-of-Bounds Write Vulnerability

Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects...

CVSS 5.5 • AI score 5.6 • EPSS 0.03093 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 23 views

Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability

Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface ...

CVSS 6.1 • AI score 5.9 • EPSS 0.85439 • Exploits 2

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 19 views

Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user...

CVSS 10 • AI score 9.6 • EPSS 0.99928 • Exploits 5

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 26 views

Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device...

CVSS 10 • AI score 9.2 • EPSS 0.9951 • Exploits 2

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 22 views

Cisco IOS XR Software Discovery Protocol Format String Vulnerability

Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device...

CVSS 8.8 • AI score 8.5 • EPSS 0.11685 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 36 views

Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability

Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash...

CVSS 8.6 • AI score 7.3 • EPSS 0.03631 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 20 views

Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability

Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure...

CVSS 7.5 • AI score 7.1 • EPSS 0.99903 • Exploits 18

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 25 views

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation...

CVSS 6.5 • AI score 6.8 • EPSS 0.88411 • Exploits 5

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 22 views

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability...

CVSS 6.5 • AI score 6.4 • EPSS 0.33263 • Exploits 5

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 19 views

Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability

Citrix Workspace Application and Receiver for Windows contains a remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives...

CVSS 9.8 • AI score 9.4 • EPSS 0.08091 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 23 views

D-Link DNS-320 Device Command Injection Vulnerability

D-Link DNS-320 device contains a command injection vulnerability in the sytemmgr.cgi component that may allow for remote code execution...

CVSS 9.8 • AI score 9.9 • EPSS 0.99968 • Exploits 2

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 24 views

DotNetNuke (DNN) Remote Code Execution Vulnerability

DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization...

CVSS 8.8 • AI score 8.9 • EPSS 0.94789 • Exploits 6

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 26 views

DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811...

CVSS 7.5 • AI score 7.4 • EPSS 0.74048 • Exploits 5

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 34 views

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files...

CVSS 10 • AI score 9.4 • EPSS 0.99731 • Exploits 30

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 25 views

ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user unless ForgeRock AM is running as root user, whi...

CVSS 10 • AI score 9 • EPSS 0.99999 • Exploits 8

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 21 views

Fortinet FortiOS Default Configuration Vulnerability

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server...

CVSS 6.5 • AI score 7.7 • EPSS 0.18566 • Exploits 1

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 19 views

Google Chrome Use-After-Free Vulnerability

Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page...

CVSS 9.6 • AI score 8.8 • EPSS 0.02747 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 15 views

Google Chromium Indexed DB API Use-After-Free Vulnerability

Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including,...

CVSS 9.6 • AI score 9 • EPSS 0.32657 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 23 views

Google Chromium Blink Use-After-Free Vulnerability

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, an...

CVSS 8.8 • AI score 8.8 • EPSS 0.0987 • Exploits 1

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 30 views

ImageMagick Server-Side Request Forgery (SSRF) Vulnerability

ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image...

CVSS 5.5 • AI score 6.9 • EPSS 0.76897 • Exploits 4

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 21 views

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution...

CVSS 9.8 • AI score 9.4 • EPSS 0.99723 • Exploits 19

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 20 views

Microsoft Edge and Internet Explorer Memory Corruption Vulnerability

Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user...

CVSS 7.5 • AI score 7.7 • EPSS 0.02696 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 24 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application...

CVSS 7.8 • AI score 7.6 • EPSS 0.05729 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 18 views

Microsoft Windows Media Center Remote Code Execution Vulnerability

Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code...

CVSS 9.3 • AI score 8 • EPSS 0.6994 • Exploits 3

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 21 views

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 • AI score 8 • EPSS 0.02954 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 40 views

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 • AI score 8 • EPSS 0.02617 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 41 views

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfull...

CVSS 7.8 • AI score 8.4 • EPSS 0.69166 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 30 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution...

CVSS 8.8 • AI score 8.4 • EPSS 0.36514 • Exploits 4

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 18 views

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 • AI score 7.4 • EPSS 0.02612 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 17 views

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 • AI score 7.6 • EPSS 0.01792 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 20 views

Microsoft Windows Update Medic Service Privilege Escalation Vulnerability

Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 • AI score 8.4 • EPSS 0.1991 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 22 views

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation...

CVSS 7.8 • AI score 7.5 • EPSS 0.01896 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 23 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...

CVSS 7.8 • AI score 7.3 • EPSS 0.80968 • Exploits 24

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 21 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation...

CVSS 7.8 • AI score 7.6 • EPSS 0.78376 • Exploits 21

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 18 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode...

CVSS 7.8 • AI score 7.3 • EPSS 0.4523 • Exploits 26

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 28 views

Microsoft Exchange Server Security Feature Bypass Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass...

CVSS 6.6 • AI score 8.1 • EPSS 0.99782 • Exploits 11

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 23 views

Microsoft .NET Framework Remote Code Execution Vulnerability

Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system...

CVSS 9.3 • AI score 8 • EPSS 0.88698 • Exploits 14

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 18 views

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode...

CVSS 7.8 • AI score 7.6 • EPSS 0.0189 • Exploits 0

CISA KEV Catalog • added 2021/11/03 12:00 a.m. • 18 views

Microsoft Internet Explorer Remote Code Execution Vulnerability

Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution...

CVSS 8.8 • AI score 7.8 • EPSS 0.03708 • Exploits 0

Total number of security vulnerabilities: 1634