CVE-2021-42292
CVE-2021-42292 is a Security Feature Bypass vulnerability in Microsoft Excel that enables local privilege bypass (local access required). The vulnerability is documented across multiple feeds, with patched fixes provided by Microsoft via Patch Tuesday advisories. Connected sources...
CVE-2022-26500
CVE-2022-26500 affects Veeam Backup & Replication and relates to an improper limitation of path names in internal API functions, enabling a remote, authenticated user to upload and execute arbitrary code. Affected product range includes 9.5U3/U4, 10.x, and 11.x. The root cause is exposure of inte...
CVE-2021-36934
CVE-2021-36934 (Windows SAM Local Privilege Escalation, alias HiveNightmare/SeriousSAM) is a local-privilege-escalation flaw caused by overly permissive ACLs on system files in %windir%\system32\config (notably SAM and SYSTEM). If a Volume Shadow Copy exists, a non-privileged user can read these ...
CVE-2021-1871
CVE-2021-1871 is a WebKit/WebKitGTK logic issue that could allow remote code execution. Public sources confirm the flaw affects multiple WebKit components and was fixed in macOS Big Sur 11.2, macOS Security Update 2021-001 for Catalina and Mojave, and iOS/iPadOS 14.4. Debian’s security advisory (...
CVE-2018-10562
CVE-2018-10562 is a command-injection flaw in Dasan/GPON home routers. The issue allows remote code execution via the dest_host parameter in a diag_action=ping request to the GponForm/diag_Form URI. The vulnerability’s impact is that ping results are stored in /tmp and sent back to the user when ...
CVE-2020-3992
CVE-2020-3992 describes a use-after-free in OpenSLP used by VMware ESXi. A malicious actor on the management network with access to UDP port 427 can trigger remote code execution. Affected VMware ESXi versions include 7.0 prior to ESXi_7.0.1-0.0.16850804, 6.7 prior to ESXi670-202010401-SG, and 6....
CVE-2023-3817
CVE-2023-3817 concerns OpenSSL: excessive time spent in checks of DH keys/parameters via DH_check(), DH_check_ex(), and EVP_PKEY_param_check(). If key/parameters originate from untrusted sources, an attacker could cause a Denial of Service by triggering long computations. The issue also affects r...
CVE-2021-1870
CVE-2021-1870 affects WebKitGTK/WebKitGTK-based packages (e.g., Arch Linux webkitgtk4) prior to version 2.30.6. A remote attacker could craft web content to cause arbitrary code execution. Upstream fix is in 2.30.6; Arch advisories (ASA-202103-24/25) and CVE listings confirm the vulnerability and...
CVE-2019-17558
CVE-2019-17558 affects Apache Solr 5.0.0–8.3.1 and allows remote code execution via the VelocityResponseWriter. An attacker can supply a Velocity template through configset velocity/ or via a parameter; enabling the resource loader for templates requires a configured response writer. Solr 8.4 rem...
CVE-2023-21554
The CVE-2023-21554 vulnerability is an RCE in Microsoft Message Queuing (MSMQ) due to improper input validation (CWE-20) in the MSMQ service. When MSMQ is enabled, a crafted MSMQ packet over TCP port 1801 can trigger an out-of-bounds/overflow condition, potentially allowing remote code execution....
CVE-2018-1000861
CVE-2018-1000861 affects Jenkins via the Stapler web framework (MetaClass and deserialization), enabling remote code execution. Affected: Jenkins 2.153 and earlier, LTS 2.138.3 and earlier. Root cause: deserialization/impactful method invocation through crafted URLs in stapler/core MetaClass.java ...
CVE-2018-0798
The CVE-2018-0798 entry concerns a memory corruption vulnerability in Microsoft Office (Word/Equation Editor) across Office 2007–2016. The root cause is how certain objects are handled in memory, enabling remote code execution when a specially crafted file is opened. Connected documents indicate ...
CVE-2023-0286
CVE-2023-0286 is a type-confusion bug in OpenSSL related to X.400 address processing inside X.509 GeneralName. The public GENERAL_NAME.x400Address was defined as ASN1_TYPE instead of ASN1_STRING, causing GeneralName_cmp to treat it as a pointer, which under CRL_CHECK can allow an attacker to pass...
CVE-2020-13699
CVE-2020-13699 affects TeamViewer Desktop for Windows prior to 15.8.3, due to unquoted custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters (example: teamviewer10: --play URL), causing the victim to issue an NTLM authentication request that could be relayed o...
CVE-2024-33869
Artifex Ghostscript
CVE-2022-47966
CVE-2022-47966 (ManageEngine products) is a pre-auth remote code execution vulnerability rooted in the Apache Santuario (XML Security for Java) 1.4.1 library. The XML signature processing in this version can bypass protections, enabling RCE when a SAML SSO flow is engaged by affected ManageEngine...
CVE-2010-4344
CVE-2010-4344: Exim before 4.70 has a heap-based buffer overflow in string_vformat() in string.c. A remote attacker can exploit this via an SMTP session (two MAIL commands with a large crafted header) to execute arbitrary code, potentially as the Exim user/root. The issue is fixed by upgrading t...
CVE-2023-51384
OpenSSH CVE-2023-51384 affects ssh-agent before 9.6: when adding PKCS#11-hosted private keys with destination constraints, constraints are only applied to the first key even if the token returns multiple keys. This can lead to incorrect constraint handling and potential disclosure of sensitive ma...
CVE-2012-0883
CVE-2012-0883 affects the Apache HTTP Server up to version 2.4.2, where the envvars (envvars-std) feature places a zero-length directory name in LD_LIBRARY_PATH. This enables local users to gain privileges by exploiting a Trojan horse DSO in the current working directory during execution of apach...
CVE-2023-38547
The CVE-2023-38547 issue affects Veeam ONE (versions 11, 11a, 12), where an unauthenticated user can access information about the SQL Server connection to the Veeam ONE configuration database, potentially enabling remote code execution on the SQL server. Mitigation is via the vendor hotfix descri...
CVE-2019-10910
CVE-2019-10910 affects Symfony versions prior to fixed releases: Symfony 2.7.51+, 2.8.50+, 3.x 3.4.26+, 4.x 4.1.12+, and 4.2.x 4.2.7+. The issue arises when service IDs can be influenced by user input, allowing SQL injection and remote code execution via the dependency-injection component. Mitiga...
CVE-2020-14750
CVE-2020-14750 is an unauthenticated remote code execution flaw in Oracle WebLogic Server’s Administration Console. Affected versions include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. The issue stems from a path traversal/Java class instantiation flaw in the console handling ...
CVE-2020-3361
CVE-2020-3361 affects Cisco Webex Meetings and Webex Meetings Server. Description: an unauthenticated, remote attacker can bypass proper handling of authentication tokens to gain the privileges of another Webex user. The issue arises from improper handling of authentication tokens by vulnerable W...
CVE-2024-26600
CVE-2024-26600 details (Linux kernel): A NULL pointer dereference in the TI PHY/OMAP USB2 PHY driver could be triggered when an external phy does not implement send_srp(), causing a wakeup path to call a NULL function. The issue manifests during idle Ethernet gadget wakeups and leads to a kernel ...
CVE-2021-30860
CVE-2021-30860 affects Apple CoreGraphics in the macOS/iOS/watchOS/tvOS stack. An integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...
CVE-2012-4681
CVE-2012-4681 affects Oracle Java SE 7 (JRE) Update 6 and earlier; the vulnerability chain bypasses SecurityManager via beans permission checks and restricted package access, using ClassFinder.findClass and reflection with a trusted immediate caller to reach private fields. Exploitation in the...
CVE-2023-52469
CVE-2023-52469: The Linux kernel vulnerability resides in drivers/amd/pm where a use-after-free occurs in kv_parse_power_table. When kzalloc returns NULL, kv_parse_power_table frees adev->pm.dpm.ps and the object is then (incorrectly) used in kv_dpm_fini, causing a use-after-free. This is doc...
CVE-2021-1647
CVE-2021-1647 is a Microsoft Defender Remote Code Execution vulnerability. Multiple sources indicate it was exploited in the wild before patches were available, affecting Microsoft Defender/Windows Defender. The advisory notes a remote code execution risk; exploitation could allow an attacker to ...
CVE-2020-25213
CVE-2020-25213 affects the WordPress WP-File-Manager plugin (versions 6.0–6.8; remediation to 6.9+). Root cause: renaming an unsafe elFinder connector file to .php allowed unauthenticated remote code execution via the plugin’s file-upload mechanism, enabling commands to write PHP into wp-content/...
CVE-2018-20250
CVE-2018-20250 is a path traversal vulnerability in WinRAR (ACE format in UNACEV2.dll) that, when the filename field is crafted, can cause extraction to write to an absolute path, enabling local arbitrary code execution. Affected: WinRAR versions up to and including 5.61. Reported exploitation an...
CVE-2023-52470
CVE-2023-52470: Linux kernel vulnerability fixed in drm/radeon driver. The issue was a potential NULL pointer dereference in radeon_crtc_init() if the alloc_workqueue call failed. The published fix adds a check for the alloc_workqueue return value to avoid dereferencing a NULL pointer. Affected c...
CVE-2009-3555
CVE-2009-3555 concerns a TLS/SSL renegotiation flaw where renegotiation handshakes were not properly associated with the existing connection, enabling MITM data insertion in HTTPS and other TLS/SSL sessions (Project Mogul). Connected advisories show concrete mitigations and affected software: Pou...
CVE-2024-39330
CVE-2024-39330 affects Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of django.core.files.storage.Storage that override generate_filename() without mirroring the parent’s file-path validations can trigger directory traversal during save(). Built-in Storage subclasses are not affe...
CVE-2021-30554
CVE-2021-30554 is a use-after-free in the WebGL component of the Chromium-based Chrome/Chromium engine, exploited via crafted HTML pages. Affected are Chrome/Chromium versions before 91.0.4472.114, with remote code execution risk tied to heap corruption. Google is aware of exploits in the wild; m...
CVE-2020-0986
Technical details about CVE-2020-0986 are not publicly available in the provided connected documents. Please monitor for updates; current materials mention malware references in related EUVD entries but do not disclose affected products, vulnerable components, impact, or fixes.
CVE-2024-47794
CVE-2024-47794 (Linux kernel, BPF): A flaw can cause an infinite loop when combining tail calls with freplace, potentially leading to kernel panic. The issue arises if a freplace-extended program is attached to a program in a prog_array map, creating a loop like entry_tc → subprog_tc → entry_frep...
CVE-2017-16137
CVE-2017-16137 affects the Node.js debug module and can cause a regular expression denial of service (ReDoS) when untrusted input is passed to the formatter; susceptibility is reported as low severity but could enable a DoS by consuming CPU with around 50k characters. The connected documents show...
CVE-2020-3588
CVE-2020-3588 affects Cisco Webex Meetings Desktop App for Windows in virtual desktop environments. The root cause is improper validation of messages processed by the virtualization channel interface, allowing a local attacker with limited privileges to execute arbitrary code with the user’s priv...
CVE-2011-3544
CVE-2011-3544 is a vulnerability in the Java scripting engine where untrusted code (e.g., applets) could elevate privileges due to missing security manager checks. Affected: Oracle Java SE/JDK/JRE 6 and 7 up to update 27 and earlier. Impact reported as remote arbitrary code execution/elevation of...
CVE-2018-20062
CVE-2018-20062 affects ThinkPHP/NoneCMS with remote code execution via crafted filter parameter in s=index/\think\Request/input&filter=phpinfo&data=1. Public sources in connected docs identify vulnerable versions as ThinkPHP <= 5.0.23 (and 5.1.x
CVE-2018-19395
PHP on Windows (versions 5.x–7.1.24) is affected by CVE-2018-19395 due to a NULL return from com_properties_get in ext/com_dotnet/com_handlers.c, which can cause a NULL pointer dereference and application crash (DoS) when performing a serialize on COM("WScript.Shell"). The root cause is in ext/st...
CVE-2017-11317
CVE-2017-11317 affects Telerik Web UI for ASP.NET AJAX prior to R1 2017 and R2 prior to R2 2017 SP2. The issue is a weak encryption/serialization flaw in RadAsyncUpload that enables remote attackers to upload arbitrary files or execute arbitrary code. The root cause is described as a deserializat...
CVE-2016-0167
CVE-2016-0167 is a Windows kernel-mode Win32k Privilege Escalation vulnerability affecting multiple OS versions (e.g., Vista SP2, Windows 7 SP1, Windows 8.1, Windows Server 2008/R2, Windows 10). The issue arises in the kernel-mode driver Win32k where a crafted application can escalate privileges ...
CVE-2012-3698
Apple Xcode before 4.4 is affected by CVE-2012-3698 due to a design issue in composing a designated requirement (DR) during signing of programs without bundle identifiers. This allows remote attackers to read keychain entries via a crafted app, demonstrated with keychain data from a helper tool o...
CVE-2020-4006
CVE-2020-4006 (VMware) is a remote command-injection flaw in VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker with network access to the administrative configurator (port 8443) and valid credentials could execute commands with unrestricte...
CVE-2021-30858
CVE-2021-30858 is a use-after-free in WebKit/WebKitGTK that could lead to arbitrary code execution when processing malicious web content. Apple patched this in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6; Chromium/WebKit GTK ecosystems referenced the same vulnerability (WebKit/Gtk port). Some a...
CVE-2019-6470
CVE-2019-6470 concerns a use-after-free/crash in DHCPv6 when ISC BIND libraries are mismatched with dhcpd. The described root cause is a bug in a BIND library function used by dhcpd, with the library bug preventing normal operation and a crash potential when vendors differ in package versions. Af...
CVE-2019-5585
FortiClient Mac (Fortinet) versions prior to 6.0.5 are affected by CVE-2019-5585, an improper access control vulnerability that may allow an attacker to affect the application’s performance by modifying the contents of a file used by several FortiClientMac processes. The issue, described as a loc...
CVE-2023-38831
CVE-2023-38831 affects WinRAR prior to 6.23. A crafted ZIP can trigger code execution when a user views a benign file, because a folder with the same name as that file may be processed during access. This vulnerability enables remote or local code execution depending on the user’s interaction wit...
CVE-2020-15969
CVE-2020-15969 is a use-after-free in WebRTC that was exploitable via a crafted HTML page, potentially causing heap corruption and arbitrary code execution. Connected Apple advisories (Safari 14.0.2, watchOS 7.2, tvOS 14.3) indicate this was addressed by Apple in respective security updates; appl...