213680 matches found
Remote code execution
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
Remote code execution
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability...
Remote code execution
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
Privilege escalation
Windows Kernel Elevation of Privilege Vulnerability...
Information disclosure
Windows DNS Information Disclosure Vulnerability...
Information disclosure
Microsoft Teams for Android Information Disclosure Vulnerability...
Information disclosure
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability...
Security feature bypass
Windows Kernel Security Feature Bypass Vulnerability...
Remote code execution
Microsoft Outlook Remote Code Execution Vulnerability...
Remote code execution
Microsoft Word Remote Code Execution Vulnerability...
Remote code execution
Microsoft Office OneNote Remote Code Execution Vulnerability...
Spoofing
Microsoft Azure Active Directory B2C Spoofing Vulnerability...
Remote code execution
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
Denial of service
.NET Denial of Service Vulnerability...
Spoofing
Dynamics 365 Field Service Spoofing Vulnerability...
Cross site scripting
Microsoft Dynamics 365 on-premises Cross-site Scripting Vulnerability...
Privilege escalation
Microsoft Azure File Sync Elevation of Privilege Vulnerability...
Privilege escalation
Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability...
Privilege escalation
Microsoft Outlook Elevation of Privilege Vulnerability...
Cross site scripting
Microsoft Dynamics 365 on-premises Cross-site Scripting Vulnerability...
Spoofing
Dynamics 365 Sales Spoofing Vulnerability...
Privilege escalation
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability...
Spoofing
Windows Printing Service Spoofing Vulnerability...
Privilege escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability...
Security feature bypass
Windows SmartScreen Security Feature Bypass Vulnerability...
Authorization
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams...
Denial of service
.NET Denial of Service Vulnerability...
Sql injection
SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script...
Cross site scripting
An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting XSS. Adding an adequate message to avoid malicious code will mitigate this issue...
Cross site scripting
An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. This has been mitigated by sanitising th...
Design/Logic Flaw
An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link for a webmail redirection endpoint within en email message, e.g., if a victim clicks on that link within Zimbra webmail...
Design/Logic Flaw
In Zimbra Collaboration ZCS 8.8.15 and 9.0, a closed account with 2FA and generated passwords can send e-mail messages when configured for Imap/smtp...
Privilege escalation
Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver...
Out-of-bounds
Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver...
Design/Logic Flaw
Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to 0.6.44...
Memory corruption
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver...
Null pointer dereference
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer...
Design/Logic Flaw
Rejected reason: REJECT Not a valid vulnerability...
Code injection
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1...
Denial of service
An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port...
Design/Logic Flaw
An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN...
Design/Logic Flaw
The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...
Design/Logic Flaw
A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...
Design/Logic Flaw
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...
Design/Logic Flaw
A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through...
Type confusion
To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...
Cross site scripting
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...
Cross site scripting
A cross-site scripting vulnerability in Trellix Central Management CM prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard...
Cross site scripting
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
Cross site scripting
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and...