CVE-2016-1010
CVE-2016-1010 is an integer overflow vulnerability in Adobe Flash Player and Adobe AIR stack. Affected: Flash Player before 18.0.0.333 and 19.x–21.x before 21.0.0.182 on Windows/macOS; Flash before 11.2.202.577 on Linux; Adobe AIR before 21.0.0.176 and AIR SDK/Compiler before 21.0.0.176. Cause: i...
CVE-2023-45285
CVE-2023-45285: Golang Go could allow a remote attacker to obtain sensitive information when using go get to fetch a module with the ".git" suffix. The vulnerability arises because, if the module is not available via secure https or git+ssh, the fetch may fall back to the insecure git:// protoco...
CVE-2020-10181
Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 is affected by a cross-site request forgery (CSRF) vulnerability (CVE-2020-10181) in goform/formEMR30 that enables creation of arbitrary administrator users. Exploitation demonstrated via a payload like setString=new_useradministrator sent to /...
CVE-2019-13608
Citrix StoreFront Server is affected by CVE-2019-13608: XML External Entity (XXE) processing vulnerability present in StoreFront versions before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000). The issue enables XXE attacks, with potential impact including reading arbit...
CVE-2019-10758
MongoDB mongo-express ≤0.53.x is vulnerable to Remote Code Execution via endpoints using toBSON, due to unsafe use of the vm module to run exec commands. Affected component: mongo-express server-side routes that invoke toBSON. Root cause: misusing vm to execute commands in a non-safe environment....
CVE-2017-6739
CVE-2017-6739 describes a Cisco IOS/IOS XE SNMP subsystem vulnerability where a buffer overflow in SNMP handling can allow an authenticated, remote attacker to either reload the device or execute arbitrary code. Affected are Cisco devices running IOS/IOS XE with SNMP enabled; exploitation require...
CVE-2016-3976
CVE-2016-3976 affects SAP NetWeaver AS Java versions 7.1–7.5. The vulnerability is a directory traversal in the AS Java Monitoring/CrashFileDownloadServlet component, exploitable remotely via a ..\ in the fileName parameter to read arbitrary files on the server. Public references point to SAP Sec...
CVE-2015-8651
CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...
CVE-2018-8298
CVE-2018-8298: a remote code execution vulnerability exists in the ChakraCore scripting engine, arising from how memory objects are handled. It affects ChakraCore (and related Microsoft scripting environments per linked advisories). The issue is categorized as a ...
CVE-2017-6663
CVE-2017-6663 relates to Cisco IOS/IOS XE Autonomic Networking. The flaw allows an unauthenticated, adjacent attacker to trigger a reload of autonomic nodes, causing a DoS condition. Affected products include Cisco IOS Software and Cisco IOS XE Software with Autonomic Networking enabled (per Dena...
CVE-2017-6744
CVE-2017-6744 is a Cisco IOS/IOS XE SNMP remote code execution vulnerability caused by a buffer overflow in the SNMP subsystem. An authenticated, remote attacker could exploit this by sending a crafted SNMP packet over IPv4/IPv6 to affected devices, potentially executing arbitrary code or causing...
CVE-2017-6740
CVE-2017-6740 describes multiple SNMP remote code execution vulnerabilities in Cisco IOS and IOS XE, due to a buffer overflow in the SNMP subsystem. An authenticated, remote attacker could exploit crafted SNMP packets (over IPv4/IPv6) to execute arbitrary code or cause a reload. Exploitation for ...
CVE-2016-1646
Summary: CVE-2016-1646 affects Google Chrome’s V8 engine. The Array.prototype.concat implementation in V8/builtins.cc does not properly consider element data types, enabling a remote attacker to cause a denial of service (out-of-bounds read) via crafted JavaScript code. Affected software/versions...
CVE-2022-22434
IBM Robotic Process Automation (RPA) versions 21.0.1 and 21.0.2 are affected by CVE-2022-22434, where a user with physical access can modify an API request to create additional objects. The IBM security bulletin lists remediation: upgrade to 21.0.1.6 for 21.0.1 and 21.0.2.3 for 21.0.2; RPA as a S...
CVE-2021-25298
CVE-2021-25298 affects Nagios XI up to version 5.7.5, with an authenticated OS command-injection in /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php caused by improper sanitization of user-controlled input via a single HTTP request. The vulnerability can enable remote cod...
CVE-2020-14864
CVE-2020-14864 affects Oracle BI Enterprise Edition (OBIEE) under the Fusion Middleware Installation component. A Directory Traversal/Local File Inclusion in the getPreviewImage function lets an authenticated attacker with access to the admin interface read arbitrary system files via the previewF...
CVE-2020-11945
Squid vulnerability CVE-2020-11945 is confirmed in various advisories for Squid prior to 5.0.2, where a remote attacker can replay a sniffed Digest Authentication nonce due to overflow of the nonce reference counter, potentially enabling remote code execution if pooled token credentials are freed...
CVE-2020-7065
CVE-2020-7065 concerns PHP mb_strtolower() with UTF-32LE encoding. Affects PHP 7.3.x below 7.3.16 and 7.4.x below 7.4.4; invalid strings can cause a stack-allocated buffer overrun, leading to memory corruption, crashes, and potential code execution. Publicly documented fixes appear in PHP 7.3.16+...
CVE-2017-0210
CVE-2017-0210 is an Internet Explorer elevation-of-privilege vulnerability caused by IE not properly enforcing cross-domain policies, allowing information disclosure and potential content injection across domains. The CVE is referenced in multiple 2017 security updates for Internet Explorer and i...
CVE-2019-0808
Technical details (affected software, vulnerable component, root cause, impact, fixes) are not provided in the connected documents. Please monitor for updates from official advisories.
CVE-2017-12232
Cisco ISR G2 routers running Cisco IOS 15.0–15.6 are affected by CVE-2017-12232 due to a misclassification of Ethernet frames, which allows an unauthenticated adjacent attacker to cause a reload and a DoS condition by sending a crafted Ethernet frame. The vulnerability impact is a denial of servi...
CVE-2017-6627
CVE-2017-6627 affects Cisco IOS 15.1/15.2/15.4 and IOS XE 3.14–3.18. A UDP processing code issue leaves UDP sockets idle, allowing unauthenticated remote attackers to send UDP packets (dest port 0) that fill the input interface queue, wedge an interface queue, and cause DoS. The input queue repor...
CVE-2004-0210
CVE-2004-0210 describes a local privilege escalation in the Windows POSIX subsystem affecting Windows NT 4.0 and Windows 2000. The vulnerability is a buffer overflow caused by unchecked message length handling in the POSIX subsystem, enabling a local authenticated user to gain full system privile...
CVE-2023-36479
What is affected. Jetty’s CGI Servlet (org.eclipse.jetty.servlets.CGI) in Jetty versions impacted by CVE-2023-36479. Root cause. When a request targets a binary with a space in its name, Jetty escapes the command by wrapping it in quotes; if the binary name contains a quotation mark followed by a...
CVE-2022-20791
CVE-2022-20791 affects Cisco Unified Communications Manager (CUCM), Unified CM SME, and Unified CM IM&P. Root cause: insufficient file permission restrictions that allow an authenticated remote attacker to read arbitrary files on the underlying OS by sending a crafted command via the application ...
CVE-2021-38163
CVE-2021-38163 affects SAP NetWeaver (Visual Composer 7.0 RT) versions 7.30/7.31/7.40/7.50 with an unrestricted file upload path traversal that, when exploited by an authenticated non-administrative user, can trigger processing of a malicious file and execute OS commands under the Java Server pro...
CVE-2020-1631
CVE-2020-1631 is a path traversal/LFI vulnerability in the HTTP/HTTPS J-Web service of Junos OS. An unauthenticated attacker can exploit HTTP(S) to perform local file inclusion, path traversal, or possibly inject commands into httpd.log, read files with world-readable permissions (notably configu...
CVE-2018-0173
CVE-2018-0173 affects Cisco IOS Software and Cisco IOS XE Software. The issue is incomplete input validation of encapsulated DHCPv4 option 82 information, processed when handling DHCPOFFER responses forwarded to DHCP servers. A crafted DHCPv4 packet can trigger an error in processing the option 8...
CVE-2017-11292
Adobe Flash Player
CVE-2015-2291
CVE-2015-2291 affects Intel Ethernet diagnostics drivers IQVW32.sys and IQVW64.sys (Windows). The connected exploit write-up details a local-privilege-escalation path via IOCTL handling, where a memmove-like dispatch (via a jump-table 0x33) enables arbitrary kernel memory read/write by crafting a...
CVE-2013-2729
CVE-2013-2729: Integer overflow in Adobe Reader/Acrobat BMP/RLE image handling can lead to arbitrary code execution. Affected: Adobe Reader/Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03. Root cause: heap/buffer overflow while parsing embedded BMP RLE resources in PDFs. Im...
CVE-2020-24557
CVE-2020-24557 affects Trend Micro Apex One, OfficeScan, and Worry‑Free Business Security on Windows. The issue is an improper access control that allows an attacker who can run low‑privilege code to manipulate a protected product folder, disable security temporarily, abuse a Windows function, an...
CVE-2018-0174
CVE-2018-0174 affects Cisco IOS/IOS XE DHCP option 82 encapsulation. The issue is incomplete input validation of DHCPv4 option 82 data received from DHCP relay agents, allowing an unauthenticated, remote attacker to cause an affected device to reload and trigger a DoS. The connected documents con...
CVE-2009-3953
CVE-2009-3953 affects Adobe Reader/Acrobat U3D handling in PDFs. The vulnerability arises from a CLODProgressiveMeshDeclaration array boundary issue in the U3D implementation, allowing remote code execution when processing malformed U3D data. Affected product versions include Acrobat/Reader 9.x p...
CVE-2025-26466
CVE-2025-26466 describes a DoS in OpenSSH where a malicious client floods ping/pong packets, causing unbounded memory growth on the server. Connected IBM AIX advisory notes affected OpenSSH filesets and provides concrete fixes: openssh.base.client/server at OpenSSH versions 9.7.3013.1000 (and 9.9...
CVE-2022-21176
CVE-2022-21176 affects Airspan/Mimosa MMP and related C-series and A5x device versions: improper input sanitization leads to SQL injection and potential exposure of sensitive data. Affected versions: MMP < 1.0.3; PTP C-series < 2.8.6.1; PTMP C-series/A5x
CVE-2015-1187
CVE-2015-1187 is a remote command injection vulnerability in the NCC service used by multiple D-Link and TRENDnet devices. The ping handling (ping_addr to ping.ccp) enables an attacker to execute arbitrary commands, causing full remote code execution with high impact (CVE-2015-1187 CVSS v3.1 base...
CVE-2012-1535
Adobe Flash Player suffers an arbitrary code execution/DoS vulnerability (CVE-2012-1535) via crafted SWF content. Expected impact is remote code execution or application crash; evidence cites in-the-wild activity in August 2012. Affected versions are Windows/Mac OS X: prior to 11.3.300.271; Linux...
CVE-2006-2492
CVE-2006-2492 is a buffer overflow in Microsoft Word (Office 2000 SP3, XP SP3, 2003 SP1/SP2) and Microsoft Works through 2006 caused by a malformed object pointer. The flaw allows arbitrary code execution and requires user interaction (via opening a crafted Word/Works document). Affected products...
CVE-2024-38063
CVE-2024-38063 is a Windows IPv6/tcpip.sys vulnerability involving improper handling of IPv6 extension headers and fragmentation. Technical material in connected docs shows an integer underflow in the IPv6 fragment reassembly path (Ipv6pReassemblyTimeout) and a risky code path where IppSendErrorL...
CVE-2020-17049
CVE-2020-17049 is a Kerberos KDC service-ticket delegation bypass in IBM Application Gateway, enabling a compromised service using Kerberos Constrained Delegation to tamper with service tickets and force KDC acceptance. The vulnerability affects IBM Application Gateway versions 19.12–24.06. IBM’s...
CVE-2016-0162
CVE-2016-0162 affects Microsoft Internet Explorer 9–11. The vulnerability is an information disclosure flaw: crafted JavaScript can cause IE to reveal the existence of local files, enabling an attacker to detect specific files on a user’s system. Impact is limited to information disclosure (not c...
CVE-2016-11021
The CVE-2016-11021 entry concerns D-Link DCS-930L devices with version 2.12 and earlier. The vulnerability arises from a flaw in the setSystemCommand handling, allowing a remote attacker to execute arbitrary OS commands via the SystemCommand parameter. The Red Hat, CISA KEV, CVE records and PT-Se...
CVE-2017-12233
Summary: CVE-2017-12233 affects Cisco IOS (versions 12.4–15.6) where CIP (Common Industrial Protocol) packets are improperly parsed. The root cause is insufficient input handling for CIP requests, allowing an unauthenticated, remote attacker to cause an affected device to reload, producing a deni...
CVE-2017-6334
CVE-2017-6334 affects NETGEAR DGN2200 routers (firmware up to 10.0.0.50). The vulnerability is a command-injection in dnslookup.cgi, exploitable by remote authenticated users via shell metacharacters in the host_name field of an HTTP POST, enabling arbitrary OS command execution. Related entries ...
CVE-2015-2419
CVE-2015-2419 is a JScript 9 vulnerability in Microsoft Internet Explorer (IE10/IE11) that allows remote code execution and memory corruption when processing crafted JSON with JSON.stringify. The CVE is exploited via malicious web content and has been leveraged by loaders in exploit kits (notably...
CVE-2025-32965
CVE-2025-32965 affects xrpl.js, a JavaScript/TypeScript API for the XRP Ledger. Versions 4.2.1–4.2.4 and 2.14.2 are compromised, containing malicious code designed to exfiltrate private keys. The High-risk impact includes potential key exposure and compromised confidentiality and integrity of aff...
CVE-2020-8908
CVE-2020-8908 (Guava): A temp directory creation vulnerability exists in all Guava versions where Guava’s API com.google.common.io.Files.createTempDir() creates temporary directories that are world-readable on Unix-like systems. The issue arises because the temp dir permissions are not restricte...
CVE-2018-0154
CVE-2018-0154 affects the Cisco IOS ISM‑VPN crypto engine. The issue stems from improper handling of VPN traffic, allowing an unauthenticated, remote attacker to trigger a DoS via crafted VPN traffic that can cause the device to hang or crash. Affected product: Cisco Integrated Services Module fo...
CVE-2015-1130
CVE-2015-1130 affects Apple OS X, specifically the XPC implementation in the Admin Framework, before 10.10.3. It allows local users to bypass authentication and obtain admin privileges via unspecified vectors. Exploitation has been demonstrated (e.g., ROOTPIPE/Rootpipe PoC and Metasploit/CANVAS r...