Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2018/01/10 12:0 a.m.•486 views

Trend Micro Control Manager ViolationCntByTemplate SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6CVSS9.1AI score0.20222EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2018/01/10 12:0 a.m.•483 views

Trend Micro Control Manager ContentSecuritySummary SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6CVSS9.1AI score0.49408EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2018/01/10 12:0 a.m.•479 views

Trend Micro Control Manager TopViolatorsByChannel SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6CVSS9.1AI score0.20222EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2018/01/10 12:0 a.m.•478 views

Trend Micro Control Manager ThreatDistributedTrail SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6CVSS9.1AI score0.49408EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/19 12:0 a.m.•439 views

(Pwn2Own) Microsoft Exchange Server PowerShell Improper Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Powershell...

9.8CVSS5.9AI score0.99987EPSS
Exploits10References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/17 12:0 a.m.•410 views

Canonical ksmbd-tools SAMR Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canonical ksmbd-tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SAMROPNUMQUERYUSERINFO opcode. The issue results from the la...

8.1CVSS7.3AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/12/15 12:0 a.m.•376 views

(0Day) Microsoft Windows splwow64 Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...

7CVSS4.5AI score0.01229EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2021/07/15 12:0 a.m.•372 views

Microsoft Exchange Server ECP Authentication Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication of requests to web services within the ecp web...

6.5CVSS1.2AI score0.97502EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2020/04/30 12:0 a.m.•372 views

Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Oracle Coherence library. The issue results from the lack of proper validation of...

9.8CVSS4.3AI score0.94928EPSS
Exploits11References1
Zero Day Initiative
Zero Day Initiative
•added 2021/01/08 12:0 a.m.•364 views

(0Day) Microsoft Windows splwow64 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

2.5CVSS3.7AI score0.01229EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2010/12/14 12:0 a.m.•361 views

Microsoft SharePoint Server Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Sharepoint Server utilizing Microsoft's Office Document Load Balancer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Office Document...

10CVSS7.1AI score0.93916EPSS
Exploits9References1
Zero Day Initiative
Zero Day Initiative
•added 2022/10/21 12:0 a.m.•319 views

(Pwn2Own) Linux Kernel io_uring Improper Update of Reference Count Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the iouring API. The...

8.8CVSS5AI score0.01433EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2020/12/15 12:0 a.m.•316 views

(0Day) Microsoft Windows splwow64 Untrusted Pointer Dereference Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

2.5CVSS3.7AI score0.01229EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2020/11/25 12:0 a.m.•306 views

VMware ESXi SLP Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of SLP...

7.8CVSS4AI score0.83015EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2020/08/13 12:0 a.m.•294 views

Microsoft Windows av1decodermft_store AVIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS5.8AI score0.04926EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/12/15 12:0 a.m.•269 views

Quest NetVault Backup Server Process Manager Service NVBUBackup TimeRange Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the...

7.5CVSS1.2AI score0.03933EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2017/12/13 12:0 a.m.•268 views

NetGain Systems Enterprise Manager snmpwalk.snmpwalk_005fdo_jsp ip Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

9CVSS4.1AI score0.04123EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/05/17 12:0 a.m.•264 views

(Pwn2Own) Synology DiskStation Manager api.php Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the api.php endpoint. The issue results from the lack of authentication prio...

8.8CVSS6.9AI score0.00586EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/13 12:0 a.m.•263 views

(0Day) (Pwn2Own) Samsung Q60T TV Internet Browser Type-Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Q60 Smart QLED TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.5CVSS2.5AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2014/11/19 12:0 a.m.•262 views

Oracle Java jp2launcher.exe Privilege Escalation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of path...

4.6CVSS4.8AI score0.00402EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2017/12/15 12:0 a.m.•261 views

Quest NetVault Backup Server Process Manager Service NVBUBackupSegment Get Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from th...

7.5CVSS1.4AI score0.03933EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2020/02/20 12:0 a.m.•251 views

Microsoft Exchange Server Exchange Control Panel Fixed Cryptographic Key Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique...

8.8CVSS3.3AI score0.99965EPSS
Exploits30References1
Zero Day Initiative
Zero Day Initiative
•added 2017/12/15 12:0 a.m.•250 views

Quest NetVault Backup Server Process Manager Service NVBUBackup Count Method SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results from the lac...

7.5CVSS1.4AI score0.03933EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2021/04/13 12:0 a.m.•248 views

(0Day) (Pwn2Own) Samsung Q60T TV Internet Browser Intermediate Representation Opcode Type-Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Q60 Smart QLED TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5.5CVSS2.6AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2024/01/09 12:0 a.m.•245 views

Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ngsm driver. The...

8.8CVSS7.5AI score0.00767EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/09/26 12:0 a.m.•243 views

(0Day) Eaton ELCSoft LAD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a L...

7.5CVSS6.9AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2017/08/02 12:0 a.m.•241 views

Dell Storage Manager EmWebsiteServlet Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Dell Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doGet method of the EmWebsiteServlet class, which listens on TCP port...

7.8CVSS1.3AI score0.054EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/02/26 12:0 a.m.•239 views

Microsoft Azure MCR VSTS CLI vstscli Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MCR VSTS CLI for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of MCR VSTS CLI. When installed from the Microsoft...

9.8CVSS7.7AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/01/15 12:0 a.m.•239 views

Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol on TCP port 7001. When deserializing objects embedded wi...

9.8CVSS4.6AI score0.97116EPSS
Exploits26References1
Zero Day Initiative
Zero Day Initiative
•added 2021/05/07 12:0 a.m.•236 views

Foxit Reader app.media Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the the handling of...

7.8CVSS2.5AI score0.04287EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/15 12:0 a.m.•233 views

Adobe Acrobat Pro DC getAnnot Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3CVSS3.2AI score0.02721EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/15 12:0 a.m.•223 views

Adobe Acrobat Pro DC embedDocAsDataObject Type Confusion Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

3.3CVSS3.1AI score0.01919EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2016/07/21 12:0 a.m.•219 views

Oracle Glassfish PartItem Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Glassfish Server. Authentication is not required to exploit this vulnerability. The PartItem class allows remote attackers to write to arbitrary files via a NULL byte in a file name in a...

7.5CVSS7.3AI score0.07493EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2014/10/02 12:0 a.m.•217 views

(0Day) Hewlett-Packard Data Protector EXEC_INTEGUTIL Remote Command Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Data Protector. Authentication is not required to exploit this vulnerability. The specific flaw exists within specifically crafted EXECINTEGUTIL messages. A remote attacker can inje...

10CVSS6.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2023/03/14 12:0 a.m.•214 views

PaperCut NG SetupCompleted Improper Access Control Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can...

9.8CVSS9.4AI score0.99999EPSS
Exploits24References1
Zero Day Initiative
Zero Day Initiative
•added 2022/05/26 12:0 a.m.•214 views

Apple macOS HEIC File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of HEIC...

7.8CVSS4.5AI score0.01638EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/05/26 12:0 a.m.•212 views

Foxit PhantomPDF XFA Template Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of X...

7.8CVSS2.4AI score0.06055EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/05/20 12:0 a.m.•196 views

Apple macOS QuartzCore Type Confusion Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the QuartzCore Framework...

7.8CVSS5.7AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/06/16 12:0 a.m.•194 views

(Pwn2Own) Microsoft Windows mskssrv Driver Untrusted Pointer Dereference Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the mskssrv driver...

8.8CVSS7AI score0.22133EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2022/02/22 12:0 a.m.•192 views

(Pwn2Own) Cisco RV340 SSLVPN Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SSL VPN service, which listens on TCP port 8443 by default. The issue results fr...

9.8CVSS5.2AI score0.72458EPSS
Exploits7References1
Zero Day Initiative
Zero Day Initiative
•added 2021/02/10 12:0 a.m.•192 views

Omron CX-One PSW File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSW...

7.8CVSS4.5AI score0.01781EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/03/23 12:0 a.m.•191 views

(Pwn2Own) HP LaserJet Pro MFP M283fdw LLMNR Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of HP LaserJet Pro MFP M283fdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the LLMNR protocol. The issue resul...

8.8CVSS4.6AI score0.00695EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/04/22 12:0 a.m.•187 views

Google cAdvisor REST API Improper Access Control Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Google cAdvisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REST API endpoint, which listens on TCP port 8080 by default. The issue...

5.3CVSS6.5AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/06/02 12:0 a.m.•186 views

OpenText Brava! Desktop dwg2dl Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS4.9AI score0.01419EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2020/07/20 12:0 a.m.•186 views

D-Link DIR-842 HNAP GetCAPTCHAsetting Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results fro...

8.8CVSS2.6AI score0.03319EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/06/12 12:0 a.m.•185 views

(0Day) Schneider Electric U.motion Builder sendmail email_attachment Parameter Absolute Path Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to extract arbitrary files on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of sendmail.php. The applet allows callers to select...

7.8CVSS6.9AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/10/26 12:0 a.m.•184 views

Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles...

9CVSS2.9AI score0.03932EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/19 12:0 a.m.•182 views

Microsoft SharePoint SetVariableActivity Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Microsoft.SharePoint.WorkflowActions.SetVariableActivity class. A crafted...

8.8CVSS4.6AI score0.03324EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/01/24 12:0 a.m.•182 views

Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies in the failure t...

7.5CVSS3.8AI score0.97301EPSS
Exploits15References1
Zero Day Initiative
Zero Day Initiative
•added 2021/01/14 12:0 a.m.•181 views

Siemens JT2Go JT File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT...

7.8CVSS4.7AI score0.03042EPSS
Exploits0References1
Total number of security vulnerabilities5000