368276 matches found
CVE-2022-22707
CVE-2022-22707 affects lighttpd 1.4.46–1.4.63 via the mod_extforward_Forwarded function, causing a stack-based buffer overflow (4-byte boundary) that can lead to remote denial of service. The issue is more likely on 32-bit systems and occurs in non-default Forwarded header handling. Connected adv...
CVE-2017-0145
CVE-2017-0145: The SMBv1 server in Windows (various editions listed in the initial document) is vulnerable to remote code execution via crafted SMB packets. The connected documents reiterate that this is a Windows SMB RCE issue affecting SMBv1, with exploit activity historically linked to Eterna...
CVE-2021-37850
CVE-2021-37850 affects ESET consumer and business products for macOS. A local user can stop the ESET daemon, disabling protection until a reboot. Documented impact is a DoS-like loss of protection rather than remote code execution. Affected components are the ESET macOS services/daemons, with roo...
CVE-2021-30551
CVE-2021-30551 is a type confusion vulnerability in the V8 engine of Chromium-based browsers (e.g., Google Chrome/Chromium) prior to 91.0.4472.101. A remote attacker could potentially trigger heap corruption via a crafted HTML page. Multiple connected advisories confirm the issue and indicate aff...
CVE-2017-12149
CVE-2017-12149 affects Red Hat/JBoss Application Server shipped with Red Hat Enterprise Application Platform 5.2. The vulnerability arises in the HTTP Invoker ReadOnlyAccessFilter during deserialization, which does not restrict the classes it deserializes, enabling an attacker to achieve remote c...
CVE-2016-6210
CVE-2016-6210 affects OpenSSH sshd prior to 7.3. When SHA-256/512 is used for user password hashing, sshd can reveal valid usernames by measuring timing differences during authentication for non-existent users, enabling remote, unauthenticated user enumeration. Impact is information disclosure; e...
CVE-2024-45699
CVE-2024-45699 affects Zabbix frontend: /zabbix.php?action=export.valuemaps is vulnerable to XSS via the backurl parameter due to reflecting user input without HTML escaping. Impact described as JavaScript execution in victim browser. Remediation is version-specific updates across distributions (...
CVE-2020-6514
CVE-2020-6514 affects Google Chrome WebRTC data channel where an attacker in a privileged network position could trigger a memory corruption (heap) via a crafted SCTP stream. The initial description notes an inappropriate WebRTC implementation as the underlying cause, with the vulnerability explo...
CVE-2024-30171
CVE-2024-30171: Affects the Bouncy Castle Java TLS API and JSSE Provider before 1.78. The issue is a timing-based leakage in RSA-based handshakes caused by exception processing. There is no exploit detail provided in the documents. Remediation: upgrade to a version containing the fix (BC 1.78 or...
CVE-2025-0868
DocsGPT (versions 0.8.1–0.12.0) contains a Remote Code Execution vulnerability caused by unsafe JSON parsing with eval() in the /api/remote endpoint. Unauthenticated, network-accessible attackers can inject arbitrary Python code, enabling full server compromise with high impact on confidentiality...
CVE-2023-4911
CVE-2023-4911 is a buffer overflow in the GNU C Library ld.so when processing GLIBC_TUNABLES, enabling local privilege escalation via malicious GLIBC_TUNABLES values when launching SUID binaries. Affected: glibc, with versions older than 2.38-6 (per CBLMARINER:34733) and older listings notin...
CVE-2019-13720
CVE-2019-13720 is a use-after-free in Chrome’s WebAudio (Chromium) prior to 78.0.3904.87 that could allow remote code execution via a crafted HTML page, with heap corruption as the underlying risk. Public documents identify the affected component as the WebAudio functionality in Chrome/Chromium a...
CVE-2019-19788
Opera for Android up to version 54.0.2669.49432 is vulnerable to a sandboxed cross-origin iframe bypass. The issue arises when a service running inside a sandboxed iframe bypasses the browser’s sandbox attributes, enabling forced redirections from a third‑party context without user interaction. A...
CVE-2022-0778
CVE-2022-0778 describes an infinite loop in BN_mod_sqrt() when parsing certain ASN.1 elliptic-curve parameters, enabling DoS during certificate or key processing. Affected OpenSSL versions include 1.0.2, 1.1.1, and 3.0 (specific ranges: 1.0.2 (1.0.2–1.0.2zc), 1.1.1 (1.1.1–1.1.1m), 3.0 (3.0.0–3.0....
CVE-2017-0213
CVE-2017-0213 is a Windows privilege-escalation flaw in the COM Aggregate Marshaler that can be triggered by a specially crafted application to gain elevated privileges locally. Public documentation confirms affected OS ranges including Windows 7 SP1, Windows Server 2008 SP2/R2 SP1, Windows 8.1, ...
CVE-2022-29143
CVE-2022-29143 describes a remote code execution vulnerability in Microsoft SQL Server where a specially crafted query against a table with a Column Store index can corrupt memory. Public details in the connected sources indicate exploitation could occur through authenticated access over network,...
CVE-2019-11708
CVE-2019-11708 is a sandbox-escape vulnerability in Mozilla Firefox ESR and Thunderbird caused by insufficient vetting of parameters in the Prompt:Open IPC message between child and parent processes, allowing a compromised child to cause the non-sandboxed parent to open web content and potentiall...
CVE-2019-5786
CVE-2019-5786 corresponds to a heap use-after-free in Google Chrome’s Blink layer affecting the FileReader API, enabling a remote attacker to potentially cause out-of-bounds memory access via a crafted HTML page. The CVE is documented as a vulnerability in Blink prior to 72.0.3626.121, with the v...
CVE-2018-6789
CVE-2018-6789 is an Exim SMTP base64d buffer overflow vulnerability. The issue resides in the base64d function of Exim’s SMTP listener prior to version 4.90.1, where a handcrafted EHLO/message can cause a heap/buffer overflow and enable remote code execution. Multiple sources confirm the vulnerab...
CVE-2016-0746
CVE-2016-0746 is a use-after-free in nginx’s resolver when processing DNS CNAME responses. The issue affects nginx versions before 1.8.1 and 1.9.x before 1.9.10; exploitation could crash worker processes or yield other unspecified impacts. Remediation per connected docs: upgrade to non‑vulnerable...
CVE-2021-46440
The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...
CVE-2020-0674
Technical details for CVE-2020-0674 are not publicly provided in the supplied documents; no specific affected products/versions or remediation details are present. Monitor for updates from authoritative sources.
CVE-2017-8798
CVE-2017-8798 concerns an integer signedness error in the MiniUPnP library (MiniUPnPc) used by miniupnpc. Affected versions: v1.4.20101221 through v2.0. Root cause: a signedness/bounds issue in the getHTTPResponse/miniwget path that parses chunked-encoded HTTP responses. Impact: remote attacker co...
CVE-2021-42287
CVE-2021-42287 is an Active Directory Domain Services privilege-escalation vulnerability. Connected documents corroborate it as part of a vulnerability family targeting domain controllers (CVE-2021-42278/42287) and describe exploitation via impersonation from a standard domain user to a DA, inclu...
CVE-2017-9248
CVE-2017-9248 affects Progress Telerik UI for ASP.NET AJAX (and Sitefinity) prior to R2 2017 SP1 / 10.0.6412.0. The vulnerability lies in Telerik.Web.UI.dll handling of the Telerik.Web.UI.DialogParametersEncryptionKey and the MachineKey, enabling an attacker to defeat cryptographic protection and...
CVE-2012-3499
CVE-2012-3499 affects Apache HTTP Server 2.2.x (pre-2.2.24-dev) and 2.4.x (pre-2.4.4). The issue comprises multiple XSS flaws in modules including mod_imagemap, mod_info, mod_ldap, mod_proxy_ftp, and mod_status. An attacker can inject arbitrary web script/HTML via crafted Host header or URI-relat...
CVE-2022-22954
CVE-2022-22954 is a server-side template injection (SSTI) leading to remote code execution in VMware Workspace ONE Access and VMware Identity Manager. The vulnerability allows an attacker with network access to trigger SSTI in Freemarker templates, potentially compromising the underlying system. ...
CVE-2024-29415
CVE-2024-29415 affects the npm package ip (Node.js) up to version 2.0.1, enabling SSRF due to an incomplete fix of CVE-2023-42282. The root cause is the incorrect categorization of certain IPs as globally routable by isPublic. Exploitation details and affected versions beyond 2.0.1 are not provid...
CVE-2022-20863
Cisco Webex App (formerly Webex Teams) contains a vulnerability in its messaging interface that could allow an unauthenticated, remote attacker to manipulate displayed links or content by exploiting improper handling of character rendering. The issue arises when messages are processed in the inte...
CVE-2020-16012
CVE-2020-16012 is a timing side-channel vulnerability involving cross-origin data leakage via drawImage in graphics code. Connected advisories confirm multiple Mozilla products are affected (notably Firefox/Thunderbird) and that the issue arises from variable-time processing of cross-origin image...
CVE-2020-11652
CVE-2020-11652 affects SaltStack Salt prior to 2019.2.4 and 3000 prior to 3000.2, where the salt-master ClearFuncs class allows authenticated users to access methods that do not properly sanitize paths, enabling arbitrary directory access. This is a directory-traversal vulnerability in the salt-m...
CVE-2022-22675
CVE-2022-22675 is an Apple kernel-related out-of-bounds write vulnerability (AppleAVD) that could allow code execution with kernel privileges. Affected macOS Big Sur 11.x, Monterey, tvOS, watchOS, iOS, and iPadOS components were fixed in specific updates: tvOS 15.5, watchOS 8.6, macOS Big Sur 11....
CVE-2021-30563
CVE-2021-30563 is a Type Confusion in the V8 engine used by Google Chrome (and Chromium-based browsers) prior to version 91.0.4472.164. The vulnerability arises from V8 type confusion which could allow a remote attacker to trigger heap corruption via a crafted HTML page. Public disclosures indica...
CVE-2020-7463
CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...
CVE-2020-10199
CVE-2020-10199 is a remote code execution vulnerability in Sonatype Nexus Repository Manager (NXRM) caused by a Java EL injection vulnerability. Affected versions are NXRM prior to 3.21.2 (with references noting exploitable in 3.21.1 and earlier). The underlying issue is a Java EL injection in Ne...
CVE-2008-1279
Summary: CVE-2008-1279 affects Acronis True Image Group Server 1.5.19.191 and earlier (included in Acronis True Image Enterprise Server 9.5.0.8072 and other True Image packages). The issue is an out-of-bounds read triggered by a packet with an invalid length field, leading to remote denial of ser...
CVE-2021-25746
CVE-2021-25746 affects the ingress-nginx controller. A user who can create or update Ingress objects can read the controller’s credentials by manipulating .metadata.annotations in an Ingress (networking.k8s.io or extensions API group). In the default configuration, those credentials grant access ...
CVE-2022-26501
CVE-2022-26501 affects Veeam Backup & Replication 10.x and 11.x, where the Veeam Distribution Service exposes an Incorrect Access Control flaw that allows unauthenticated access to internal API functions (potential remote code execution). Mitigations documented: update to 10.0.1.4854 (10a) and 11...
CVE-2019-9021
CVE-2019-9021 affects PHP releases prior to 5.6.40, 7.x prior to 7.1.26, 7.2.x prior to 7.2.14, and 7.3.x prior to 7.3.1. It describes a heap-based buffer over-read in PHAR reading functions of the PHAR extension (phar_detect_phar_fname_ext in ext/phar/phar.c) that can cause reading memory past t...
CVE-2024-57884
Technical details about CVE-2024-57884 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2023-0286
CVE-2023-0286 is a type-confusion bug in OpenSSL related to X.400 address processing inside X.509 GeneralName. The public GENERAL_NAME.x400Address was defined as ASN1_TYPE instead of ASN1_STRING, causing GeneralName_cmp to treat it as a pointer, which under CRL_CHECK can allow an attacker to pass...
CVE-2020-2555
CVE-2020-2555 (WebLogic/Coherence): A deserialization vulnerability in Oracle Coherence (Fusion Middleware) enables unauthenticated remote code execution via the T3 protocol. Affected versions include Coherence 3.7.1.x, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0. The flaw originates from ReflectionExtra...
CVE-2021-25631
CVE-2021-25631 affects LibreOffice 7-1 (before 7.1.2) and 7-0 (before 7.0.5). The issue allows bypassing the denylist by manipulating a link so it no longer matches the denylist but triggers ShellExecute to launch an executable type, enabling arbitrary code execution under Windows. Affected produ...
CVE-2021-21224
CVE-2021-21224 is a type confusion in Google Chrome’s V8 engine (pre-90.0.4430.85) that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Multiple connected advisories confirm the same issue and note exploitation in the wild; remediation per Arch Linux...
CVE-2021-43159
CVE-2021-43159 affects Ruijie Networks RG-EW Series Routers (up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55). The vulnerability arises via the setSessionTime function in /cgi-bin/luci/api/common, enabling Remote Code Execution (RCE). CVSS metrics show a high-severity issue (CVSS v3.1 base score 8.8; n...
CVE-2018-13382
CVE-2018-13382 is an Improper Authorization vulnerability in Fortinet FortiOS (versions 6.0.0–6.0.4, 5.6.0–5.6.8, 5.4.1–5.4.10) and FortiProxy (2.0.0; 1.2.0–1.2.8; 1.1.0–1.1.6; 1.0.0–1.0.7) exposed via the SSL VPN web portal. An unauthenticated attacker can modify the password of an SSL VPN porta...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2020-3182
Cisco Webex Meetings Client for MacOS is affected by an information-disclosure vulnerability in the mDNS configuration. An unauthenticated adjacent attacker can exploit this by issuing an mDNS query for a specific service to obtain device information from affected Webex clients. The issue is docu...
CVE-2019-0841
CVE-2019-0841 is a Windows privilege-escalation vulnerability in the AppXSVC service caused by improper handling of hard links. The issue enables local elevation of privilege (from a low-privilege context to SYSTEM) and has public exploitation references (Exploits listed on Exploit-DB; CIRCL sigh...
CVE-2021-36934
CVE-2021-36934 (Windows SAM Local Privilege Escalation, alias HiveNightmare/SeriousSAM) is a local-privilege-escalation flaw caused by overly permissive ACLs on system files in %windir%\system32\config (notably SAM and SYSTEM). If a Volume Shadow Copy exists, a non-privileged user can read these ...