CVE-2021-41182
CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). Affected version observed as 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describe similar issues...
CVE-2016-10174
The NETGEAR WNR2000v5 router is affected by a buffer overflow in the hidden_lang_avi parameter when invoking /apply.cgi?/lang_check.html. An unauthenticated attacker can cause remote code execution. Documentation and exploit sources (e.g., Metasploit module for WNR2000v5 and exploits in Exploit-D...
CVE-2014-4113
CVE-2014-4113 corresponds to a Windows kernel-win32k.sys local privilege escalation (MS14-058) affecting multiple Windows editions (e.g., Windows 7/8/8.1 and corresponding server variants). The vulnerability arises in win32k.sys kernel-mode drivers and allows a crafted user-mode application to ga...
CVE-2009-3129
CVE-2009-3129 concerns a remote-code-execution vulnerability in Microsoft Office Excel and related components caused by a FEATHEADER record with an invalid cbHdrData size that affects a pointer offset. Affected products include Excel 2002 SP3, 2003 SP3, 2007 SP1/SP2, Open XML File Format Converte...
CVE-2023-40217
CVE-2023-40217 affects Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. The issue occurs mainly in TLS client-auth scenarios on servers (e.g., HTTP servers). If a TLS server-side SSLSocket is created, data is read into the socket buffer and the socket is...
CVE-2022-3437
CVE-2022-3437 is a heap-based buffer overflow in Samba’s use of Heimdal GSSAPI (unwrap_des/unwrap_des3). The fix involved making memcmp constant-time and patching a compiler-related issue by adding “!= 0” to memcmp results; backported patches were applied to heimdal-7.7.1 and 7.8.0 branches (and ...
CVE-2021-43891
A concrete exploit artifact exists for CVE-2021-43891: the GitHub repo Exploit for CVE-2021-43891 demonstrates a Proof-of-Concept remote code execution in Visual Studio Code via the Remote WSL component. The PoC provides build/install steps, a local server workflow, and specific file-system locat...
CVE-2021-22907
CVE-2021-22907 is a local privilege escalation vulnerability in Citrix Workspace App for Windows caused by improper access control. The issue affects Citrix Workspace App on Windows in versions prior to 2105 and the 1912 LTSR branch prior to CU4. A local user with admin privileges could escalate ...
CVE-2019-9948
CVE-2019-9948 involves urllib in Python 2.x (up to 2.7.16) and urllib in Python 3.x up to 3.7.4, where the local_file: scheme can bypass blacklist protections, enabling remote attackers to trigger local_file:///… URIs (e.g., /etc/passwd) and bypass URL-filtering. Public advisories from Debian, Re...
CVE-2021-3621
SSSD is affected by CVE-2021-3621. The sssctl command (logs-fetch and cache-expire) is vulnerable to shell command injection, enabling an attacker to trick root (e.g., via sudo) into running a crafted sssctl command to gain root privileges. Advisories from Astra Linux, Debian LTS, Gentoo and Amaz...
CVE-2018-0180
Cisco IOS Software CVE-2018-0180 describes multiple DoS vulnerabilities in the Login Enhancements (Login Block) feature, enabling an unauthenticated, remote attacker to trigger a device reload. Affected are Cisco devices running IOS releases 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. The root ca...
CVE-2017-12231
Cisco IOS NAT denial-of-service vulnerability (CVE-2017-12231) affects IOS 12.4–15.6 where NAT ALG improperly translates H.323 RAS messages, allowing unauthenticated remote DoS via crafted IPv4 packets. Affected devices using NAT ALG for H.323 RAS messages can crash and reload. Exploitation detai...
CVE-2013-0625
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 are affected by CVE-2013-0625, where an unauthenticated bypass is possible if a password is not configured, potentially enabling remote code execution via unspecified vectors; exploited in the wild in January 2013. (CVSS v2 base 6.8; CVSS v3.1 base 9.8). No ...
CVE-2005-2773
CVE-2005-2773 affects HP OpenView Network Node Manager 6.2 through 7.50. The vulnerability enables remote attackers to execute arbitrary commands by injecting shell metacharacters into parameters handled by CGI scripts (connectedNodes.ovpl, cdpView.ovpl, freeIPaddrs.ovpl, ecscmg.ovpl). Public wri...
CVE-2017-12319
Cisco IOS XE Software EVPN BGP vulnerability CVE-2017-12319 allows an unauthenticated remote attacker to trigger a reload or BGP routing-table corruption, causing DoS. Root cause: changes in the BGP MPLS-Based EVPN RFC 7432 draft lead to miscalculation of the IP address length field when processi...
CVE-2013-0641
CVE-2013-0641 is a buffer overflow in Adobe Reader and Acrobat versions prior to certain patches that allows a remote attacker to execute arbitrary code via a crafted PDF. The description specifies impact as remote code execution, with exploitation observed in the wild in February 2013. Affected ...
CVE-2024-11859
CVE-2024-11859 concerns ESET products for Windows where the ESET Command-Line scanner insecurely loads the system library version.dll, enabling a DLL search-order hijack. ToddyCat researchers describe TCESB, a malicious DLL that uses DLL proxying and BYOVD techniques (Dell DBUtilDrv2.sys) to inst...
CVE-2024-36978
In CVE-2024-36978, a Linux kernel local privilege escalation risk arises from an out-of-bounds write in net: sched: sch_multiq (multiq_tune). The bug occurs because q->bands is assigned to qopt->bands after kmalloc, and the old q->bands may be erroneously used, leading to an out-of-bound...
CVE-2018-19943
CVE-2018-19943 affects QNAP QTS File Station across multiple versions. The vulnerability is a cross-site scripting flaw that, if exploited, could allow remote attackers to inject malicious code. Public details from NVD and Nessus indicate QTS fixes have been released in several versions (e.g., QT...
CVE-2010-2883
CVE-2010-2883 describes a stack-based buffer overflow in Adobe’s CoolType.dll (SING table handling) that affects Adobe Reader/Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows and macOS. A long field in a TTF font’s SING table in a PDF can allow remote code execution or cause a DoS (applicat...
CVE-2022-21143
CVE-2022-21143 is an OS Command Injection affecting Airspan/Mimosa MMP family. Affected: MMP prior to v1.0.3; PTP C-series prior to v2.8.6.1; PTMP C-series and A5x prior to v2.5.4.1. Root cause: improper sanitization of user input across multiple locations, enabling an attacker to inject arbitrar...
CVE-2018-8611
CVE-2018-8611 – Windows kernel elevation of privilege. The vulnerability arises because the Windows kernel fails to properly handle objects in memory, enabling a local attacker to run arbitrary code in kernel mode and perform actions such as installing programs, changing data, or creating accoun...
CVE-2017-12235
The CVE-2017-12235 issue is a DoS flaw in Cisco IOS Software’s PROFINET Discovery and Configuration Protocol (PN-DCP) handling. It affects Cisco IOS on devices configured to process PN-DCP (notably Cisco Industrial Ethernet Switches) and stems from improper parsing of PN-DCP Identify Request pack...
CVE-2015-3035
TP-LINK routers are affected by CVE-2015-3035: a directory traversal in PATH_INFO triggered at /login/ that allows remote attackers to read arbitrary files. Affected models and firmware windows include Archer C5 (1.2) <150317, C7 (2.0) <150304, C8 (1.0) <150316, Archer C9 (1.0), TL-WDR35...
CVE-2022-29499
The CVE-2022-29499 vulnerability affects the Service Appliance component in Mitel MiVoice Connect (SA 100, SA 400, Virtual SA) through 19.2 SP3, due to incorrect data validation that enables remote code execution. Impact is documented as Remote Code Execution with high/severe CVSS scores (up to 9...
CVE-2018-0179
CVE-2018-0179 describes DoS in Cisco IOS Software due to vulnerabilities in the Login Enhancements (Login Block) feature. Affected are Cisco IOS releases 15.4(2)T, 15.4(3)M, 15.4(2)CG and later. An unauthenticated, remote attacker can trigger a device reload, causing DoS. The connected Cisco advi...
CVE-2017-12238
Cisco IOS on Catalyst 6800 Series switches (Cisco 6800-16P10G/16P10G-XL with Supervisor Engine 6T) is affected by CVE-2017-12238. The vulnerability stems from a memory management flaw in the VPLS code, exploitable by an unauthenticated, adjacent attacker who can flood the MAC address table with V...
CVE-2019-12418
CVE-2019-12418 affects Apache Tomcat 9.0.0.M1–9.0.28, 8.5.0–8.5.47, 7.0.0–7.0.97 when JMX Remote Lifecycle Listener is enabled: a local attacker without Tomcat access can manipulate the RMI registry to perform a MITM and steal credentials to gain full control of the Tomcat instance. Connected adv...
CVE-2012-0518
Oracle Fusion Middleware – Oracle Application Server Single Sign-On (SASO) 10.1.4.3.0 is listed as vulnerable in CVE-2012-0518, with the issue related to Redirects and affecting integrity. A connected PT-2012-4537 entry confirms the affected version (10.1.4.3.0) and notes there is no information ...
CVE-2012-5054
CVE-2012-5054 specifies an integer overflow in the Matrix3D.copyRawDataTo method of Adobe Flash Player, enabling remote code execution via malformed arguments. Affected component: Flash Player (Matrix3D class). Root cause: integer overflow in copyRawDataTo. Impact: arbitrary code execution with n...
CVE-2025-24358
The CVE-2025-24358 issue affects gorilla/csrf across Go web apps, where prior to 1.7.2 the Origin header wasn’t validated against an allowlist and Referer checks were gated by a TLS-detection that misbehaves for server requests. Attackers with XSS on a subdomain/top‑level domain could submit auth...
CVE-2022-42475
Fortinet FortiOS SSL-VPN (and FortiProxy SSL-VPN) suffer a heap-based buffer overflow (CWE-122) leading to remote code execution. A remote unauthenticated attacker can trigger via crafted requests, affecting FortiOS/FortiProxy versions up to 7.2.2, 7.0.x, 6.4.x, 6.2.x, 6.0.x and earlier. CVSS v3....
CVE-2015-5119
The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...
CVE-2013-0631
CVE-2013-0631 concerns an information-disclosure vulnerability in Adobe ColdFusion 9.0, 9.0.1, and 9.0.2. The published data indicate that an attacker could obtain sensitive information via unspecified vectors, with exploitation reported in the wild in January 2013. The CVSS data from NVD shows a...
CVE-2012-2539
CVE-2012-2539 is a Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...
CVE-2023-32434
CVE-2023-32434 is an Apple kernel vulnerability in the XNU VM layer causing an integer overflow that could allow an app to execute code with kernel privileges. Public documentation confirms fixed in multiple OS versions (watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 / iPadOS 15.7.7, macOS Monte...
CVE-2016-4523
CVE-2016-4523 affects Trihedral VTScada (VTS) WAP interface on Windows, with VTScada versions 8.x through 11.x prior to 11.2.02. The vulnerability allows remote attackers to cause a denial of service via an out-of-bounds read that crashes the application. Public disclosures and mitigations descri...
CVE-2010-2572
CVE-2010-2572 describes a remote code execution vulnerability in Microsoft PowerPoint 2002 SP3 and 2003 SP3 caused by an error in parsing PowerPoint 95 files (PowerPoint Parsing Buffer Overflow). The issue could allow an attacker to take complete control of an affected system by convincing a user...
CVE-2009-0563
CVE-2009-0563 is a stack-based buffer overflow in Microsoft Word components that allows remote code execution when a user opens a crafted Word document with an invalid length field. Affected products include Word 2002 SP3, 2003 SP3, Word 2007 SP1/SP2, Office for Mac 2004/2008, Open XML File Forma...
CVE-2024-50379
CVE-2024-50379 is a TOCTOU race condition in JSP compilation on Apache Tomcat that can lead to RCE when the default servlet is writable on case-insensitive file systems. Affected lines include Tomcat 11.0.0-M1–11.0.1, 10.1.0-M1–10.1.33, and 9.0.0.M1–9.0.97 (also some older EOL versions). The issu...
CVE-2019-25160
CVE-2019-25160 is about netlabel: fix out-of-bounds memory accesses in the Linux kernel. The connected documents specify two array OOB accesses: one in cipso_v4_map_lvl_valid() and another in netlbl_bitmap_walk(). The fixes are described as straightforward, and backport guidance notes that netlbl...
CVE-2022-27226
CVE-2022-27226 affects iRZ Mobile Routers. A CSRF flaw in /api/crontab enables a threat actor to insert a crontab entry in the router Admin panel, causing the defined cronjob to run and leading to remote code execution with filesystem access. The issue can also enable RCE if default credentials a...
CVE-2020-2506
CVE-2020-2506 affects QNAP Systems Inc. Helpdesk prior to version 3.0.3, due to improper access control that could allow an attacker to gain privileges or read sensitive information. The issue is documented across multiple sources (NVD, CNVD, CVELIST, PT-Security, Nessus QSA-20-08) and is referen...
CVE-2015-4068
Arcserve UDP vulnerable versions:
CVE-2022-31474
BackupBuddy WordPress plugin versions 8.5.8.0–8.7.4.1 are affected by a local file inclusion / arbitrary file read vulnerability. The root cause is a path traversal issue exposed via the download and local-destination-id parameters, enabling access to sensitive server files. Impact stated in sour...
CVE-2009-0557
CVE-2009-0557 describes an Object Record Corruption vulnerability in Microsoft Office Excel across multiple platforms (Office 2000 SP3, XP SP3, 2003 SP3, Mac editions, and Excel Viewer/Compatibility Pack). The root cause is a malformed record object in an Excel file, enabling remote code executio...
CVE-2022-0546
CVE-2022-0546 affects Blender (image loader in Blender 3.x and 2.93.8) due to a missing bounds check that enables out-of-bounds heap access. This can cause denial of service, memory corruption, or potentially code execution. The connected documents consistently describe the same bound-check flaw ...
CVE-2015-9253
CVE-2015-9253 affects PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and earlier than 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, system) with a non-blocking STDIN stream, causing the m...
CVE-2014-0780
CVE-2014-0780 affects InduSoft Web Studio NTWebServer in version 7.1 prior to SP2 Patch 4. The NTWebServer directory traversal flaw lets remote attackers read APP password files and can lead to remote code execution. Exploitation is described as remote and not requiring authentication, enabling u...
CVE-2023-5217
CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...