368250 matches found
CVE-2021-22991
CVE-2021-22991 affects BIG-IP Traffic Management Microkernel (TMM) URI normalization, where undisclosed requests to a virtual server may trigger a buffer overflow in TMM. This can cause a DoS and, in some scenarios, bypass URL-based access controls or enable remote code execution. The issue impac...
CVE-2020-7071
CVE-2020-7071 affects PHP: the FILTER_VALIDATE_URL path could treat a URL with invalid userinfo (username:password) as valid. Affected: PHP 7.3.x < 7.3.26, 7.4.x
CVE-2016-4117
CVE-2016-4117 affects Adobe Flash Player (earlier than 21.0.0.196) via an out-of-bounds access in the DeleteRangeTimelineOperation module of the SWF runtime, caused by a type-confusion vulnerability. This allows memory corruption and arbitrary code execution, as demonstrated by FireEye researcher...
CVE-2015-3043
CVE-2015-3043 refers to a memory corruption vulnerability in Adobe Flash Player that allows remote code execution. Affected versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The underlying root cause is desc...
CVE-2025-3277
SQLite CVE-2025-3277: An integer overflow in concat_ws() can cause a heap buffer overflow of ~4GB by using an untruncated original size to allocate and then write, potentially enabling arbitrary code execution. This is documented across multiple advisories (Debian, AlmaLinux, Fedora, AIX RPM advi...
CVE-2020-11261
CVE-2020-11261 is a memory-corruption vulnerability in Qualcomm Snapdragon chipsets (including Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). Root cause: improper check when an application requests memory allocation for an extremely large ...
CVE-2021-27852
CVE-2021-27852 concerns Checkbox Survey before version 7, where CheckboxWeb.dll deserializes untrusted _VSTATE data via LosFormatter in ASP.NET View State. The underlying issue allows an unauthenticated remote attacker to execute arbitrary code on the affected server, with the impact described as...
CVE-2020-16013
CVE-2020-16013 concerns the Chromium V8 engine used by Google Chrome prior to 86.0.4240.198, where an inappropriate implementation could allow a remote attacker to trigger heap corruption via a crafted HTML page. Affected software is Chromium-based Chrome builds up to version 86.0.4240.198 (inclu...
CVE-2020-27930
CVE-2020-27930 is a memory corruption vulnerability in font parsing that can lead to arbitrary code execution when processing a malicious font. Affected Apple software includes macOS Big Sur 11.0.1, iOS 14.2, iPadOS 14.2, watchOS 7.1, and corresponding Security Updates (e.g., High Sierra/Mojave)....
CVE-2020-9818
CVE-2020-9818 describes an out‑of‑bounds write in the Mail component of Apple iOS/iPadOS/watchOS. Affected versions: iOS 13.5 and iPadOS 13.5, iOS 12.4.7, and watchOS 6.2.5. Root cause: improved bounds checking in handling of malicious mail messages may prevent memory corruption. Impact as stated...
CVE-2020-0638
CVE-2020-0638 is a Windows Update Notification Manager elevation-of-privilege vulnerability. An attacker who already has code execution on the target could exploit the flaw by running a crafted program to elevate privileges, due to how the Update Notification Manager handles files. The issue is l...
CVE-2012-6708
CVE-2012-6708 concerns jQuery. In versions before 1.9.0, the library’s jQuery(strInput) would treat inputs containing the character ‘<’ as HTML payloads, conflating HTML with selectors and enabling XSS via crafted strings. The underlying issue was that any input containing ‘<’ could be misi...
CVE-2019-12384
CVE-2019-12384 affects FasterXML jackson-databind 2.x (pre-2.9.9.1) where failure to block logback-core in polymorphic deserialization can enable remote code execution depending on classpath contents. The Connected IBM documents corroborate broader jet deserialization gadget vulnerabilities in ja...
CVE-2018-0161
The CVE-2018-0161 issue is a Cisco IOS/IOS XE SNMP vulnerability affecting Cisco Catalyst switches (e.g., 2960-L series and related Digital Building Series switches) where an authenticated SNMP GET for the ciscoFlashMIB OID can trigger a DoS and restart the device (SYS-3-CPUHOG). Root cause is a ...
CVE-2019-0903
Technical details about CVE-2019-0903 (affected component/version/root cause/impact) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2018-1302
Apache HTTP Server (httpd) before 2.4.30 may write a NULL pointer to freed memory when an HTTP/2 stream is destroyed after handling. This is described as low risk and hard to trigger in standard configurations, with no reproducibility outside debug builds. Affected releases include older 2.4.x li...
CVE-2013-3897
CVE-2013-3897 is a use-after-free vulnerability in the CDisplayPointer class of mshtml.dll used by Microsoft Internet Explorer (IE6–IE11). The flaw is triggered via crafted JavaScript using the onpropertychange event, leading to remote code execution or memory corruption. Public discussions and r...
CVE-2021-20023
The CVE-2021-20023 entry affects SonicWall Email Security (version 10.0.9.x). Connected advisories describe a directory traversal/path traversal vulnerability that, when exploited by a post-authenticated attacker, could allow reading arbitrary files on the remote host. Evidence from advisories an...
CVE-2020-8196
CVE-2020-8196 is an information-disclosure vulnerability in Citrix ADC/ Gateway and Citrix SD-WAN WANOP where improper access control allows limited data exposure to low-privilege users. Affected versions include Citrix ADC/Gateway prior to 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-...
CVE-2018-0167
CVE-2018-0167 involves multiple buffer overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, IOS XE Software, and IOS XR Software. The description documents that an unauthenticated, adjacent attacker could trigger a denial of service or escalate pri...
CVE-2012-0767
Adobe Flash Player contains a Cross‑Site Scripting (XSS) vulnerability (UXSS) tracked as CVE-2012-0767. The public description specifies that remote attackers could inject arbitrary script or HTML via unspecified vectors. Affected versions include Flash Player before 10.3.183.15 and 11.x before 1...
CVE-2025-24166
Apple security advisory PT-2025-5329 links CVE-2025-24166 to a memory/state-management weakness that can be triggered by processing malicious web content, causing an unexpected process crash. Affected products and minimum patch levels cite: iPadOS before 17.7.4; macOS Ventura before 13.7.3; macOS...
CVE-2024-3859
CVE-2024-3859: Mozilla Firefox and Thunderbird are affected by a 32-bit integer overflow that can cause an out-of-bounds read via a malformed OpenType font. Affected products per the CVE entry: Firefox < 125, Firefox ESR < 115.10, and Thunderbird
CVE-2020-8195
CVE-2020-8195 involves improper input validation in Citrix ADC and Citrix Gateway (and Citrix SD-WAN WAN-OP) prior to version 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14, and 10.5-70.18, plus WAN-OP 11.1.1a/11.0.3d/10.2.7. It results in limited information disclosure to low-privileged users. T...
CVE-2020-3161
The CVE-2020-3161 issue affects the web server used by Cisco IP Phones, where improper input validation of HTTP requests can allow an unauthenticated, remote attacker to execute code with root privileges or trigger a reload, causing a DoS. The vulnerability is tied to input validation flaws in th...
CVE-2019-3010
CVE-2019-3010 affects Oracle Solaris with the XScreenSaver component. A local privilege-escalation vulnerability exists in xscreensaver since version 5.06 on unpatched Solaris 11; a user with local logon can escalate privileges to root, potentially compromising the system. Public references descr...
CVE-2017-0037
CVE-2017-0037 affects Microsoft Internet Explorer 10/11 and Microsoft Edge via a type confusion in mshtml.dll (Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement), enabling remote code execution through crafted CSS/JS sequences. Connected sources note public exploitation acti...
CVE-2010-5330
CVE-2010-5330 covers a command injection in Ubiquiti devices via GET to stainfo.cgi. The issue arises because the ifname parameter is not sanitized, enabling shell metacharacters to be injected. Affected families include Ubiquiti AirOS (before 4.0.1), AirMax ISP products (before 5.3.5), and AirSy...
CVE-2016-1555
CVE-2016-1555 affects NETGEAR wireless AP/routers (e.g., WN604/3.3.3+; WN802Tv2; WNAP210v2; WNAP320; WNDAP3xx/6xx) and related firmware where five PHP data endpoints (boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, boardDataWW.php) permit unauthenticated remote command execu...
CVE-2023-34062
CVE-2023-34062 affects Reactor Netty HTTP Server. Versions 1.1.x prior to 1.1.13 and 1.0.x prior to 1.0.39 are vulnerable when the server is configured to serve static resources. A crafted URL can trigger a directory traversal (path traversal) vulnerability, allowing access to restricted files. T...
CVE-2022-42889
CVE-2022-42889 affects Apache Commons Text 1.5–1.9 where default interpolation lookups (script, dns, url) can trigger arbitrary code execution or remote access when untrusted values are used. The vulnerability can lead to remote code execution or unintended contact with remote servers via the Str...
CVE-2020-9819
CVE-2020-9819 is a memory consumption issue in Apple’s Mail processing that can lead to heap corruption when handling a maliciously crafted mail message. Public sources confirm the vulnerability affects Apple platforms and was fixed in specific updates: iOS 13.5, iPadOS 13.5, iOS 12.4.7, watchOS ...
CVE-2018-0175
CVE-2018-0175 is a vulnerability in the LLDP subsystem of Cisco IOS Software, IOS XE Software, and IOS XR Software. The issue stems from a Format String vulnerability in LLDP that could allow an unauthenticated, adjacent attacker to cause a denial of service or to execute arbitrary code with elev...
CVE-2012-5519
CVE-2012-5519 affects the Common UNIX Printing System (CUPS) 1.4.4 and earlier on Linux distros (e.g., Debian). The web interface stores the administrator key in /var/run/cups/certs/0 with permissions that allow lpadmin users to read/write files, enabling local privilege escalation to root via th...
CVE-2014-1761
CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...
CVE-2024-4368
CVE-2024-4368 affects Chromium/Chrome where Dawn use-after-free can lead to heap corruption via a crafted HTML page. The issue is fixed in Chromium 124.0.6367.118 and newer per multiple advisories (e.g., Debian DSA-5676-1 and Fedora/chromium updates); update Chromium/Chrome to the patched version...
CVE-2021-22941
CVE-2021-22941 affects Citrix ShareFile Storage Zones Controller prior to version 5.11.20 and is due to Improper Access Control. An unauthenticated attacker could remotely compromise the storage zones controller, with an endpoint exposure at /ShareFile/StorageCenter/Upload.aspx and potential for ...
CVE-2019-1003029
CVE-2019-1003029 describes a sandbox bypass in Jenkins Script Security Plugin (versions ≤ 1.53) that lets attackers with Overall/Read permission execute arbitrary code on the Jenkins master JVM. Affected components are in the plugin’s Groovy sandbox: GroovySandbox.java and SecureGroovyScript.java...
CVE-2017-5070
CVE-2017-5070 is a type confusion vulnerability in Google Chrome’s V8 engine that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected products include Google Chrome and other Chromium-based browsers (V8 engine), with desktop versions prior to 59...
CVE-2014-6352
CVE-2014-6352 is an OLE remote code execution vulnerability in Microsoft Windows where a crafted OLE object can trigger arbitrary code execution. The issue affected Windows Vista SP2, Windows 7 SP1, Windows 8/8.1, Windows Server 2008/2012 variants, and Windows RT, with public exploitation reporte...
CVE-2022-20708
CVE-2022-20708 affects Cisco Small Business RV160/RV260/RV340/RV345 Series Routers. Vulnerabilities allow arbitrary code execution, privilege escalation, arbitrary command execution, bypass of authentication/authorization, installation of unsigned software, and DoS, via issues in the web-based ma...
CVE-2021-22894
Pulse Connect Secure (PCS) is affected by CVE-2021-22894: a buffer overflow in Pulse Connect Secure Collaboration Suite prior to 9.1R11.4 can allow a remote authenticated user to execute arbitrary code as root via a maliciously crafted meeting room. The vulnerability has a high CVSS score (3.1): ...
CVE-2019-7483
SonicWall SMA100 is affected by CVE-2019-7483: an unauthenticated Directory Traversal in the handleWAFRedirect CGI that can reveal file presence on the server. The affected product is SonicWall SMA100; evidence across multiple sources consistently describes directory traversal affecting unauthent...
CVE-2018-8273
CVE-2018-8273 is a buffer overflow vulnerability in Microsoft SQL Server that could allow remote code execution. Public details identify affected products as Microsoft SQL Server (notably SQL Server 2016/2017 families) with exploitation described as requiring the ability to execute SQL queries ag...
CVE-2023-36802
CVE-2023-36802 is an Elevation of Privilege vulnerability in the Microsoft Streaming Service Proxy (MSKSSRV.SYS). The connected documents identify the root cause as an object type confusion in the Windows kernel-mode driver, enabling local privilege escalation to SYSTEM on vulnerable Windows 10/1...
CVE-2020-17496
Vulnerability: vBulletin 5.5.4–5.6.2 allows remote code execution via crafted subWidgets data in ajax/render/widget_tabbedcontainer_tab_panel requests. Root cause: an incomplete patch for CVE-2019-16759 left a logic bug in widget handling, enabling pre-auth code execution. Impact: remote PHP code...
CVE-2016-7201
Technical details about CVE-2016-7201 are not publicly provided in the supplied documents. Monitor official advisories for updates on affected components, versions, impact, and remediations.
CVE-2020-8218
Pulse Connect Secure
CVE-2019-16256
CVE-2019-16256 concerns the SIMalliance Toolbox Browser (S@T Browser) embedded on the UICC in some Samsung devices. The Red Hat/Red Hat-related and CVE references describe a vulnerability where SIM Toolkit (STK) instructions in an SMS could be abused to retrieve location data, IMEI, or other data...
CVE-2019-15949
Nagios XI