16763 matches found
Parallels Desktop Toolgate Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within t...
Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
Cisco Multiple Routers Cookie Header Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The...
Trend Micro ServerProtect splx_manual_scan Memory Exhaustion Denial-Of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro ServerProtect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
NETGEAR R7450 SOAP API RecoverAdminPassword Improper Access Control Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default...
(Pwn2Own) Western Digital MyCloud PR4100 nasAdmin Incorrect Authorization Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nasAdmin service, which listens on TCP port 80 and 443 by...
Micro Focus Operations Bridge Manager SecurityService Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of P...
SAP 3D Visual Enterprise Viewer PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Foxit PhantomPDF U3DBrowser U3D File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U...
SAP 3D Visual Enterprise Viewer RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
SAP 3D Visual Enterprise Viewer U3D File Parsing 3difr Plugin Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Trend Micro Apex One Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ApexOne...
Parallels Desktop Networking Service Integer Underflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prlnapt...
Adobe Acrobat Pro DC updateFeed Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Advantech WebAccess Node bwmail Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwmail.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process...
Microsoft Exchange Server NTLM Reflection EWS User Impersonation Vulnerability
This vulnerability allows remote attackers to impersonate arbitrary users on vulnerable installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the use of NTLM authentication in Exchange Server. NTLM responses produced ...
(Pwn2Own) Apple Safari CreateThis Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JIT...
Linux Kernel MIDI Race Condition Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of MIDI...
(Pwn2Own) Oracle Virtualbox HGCM Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Microsoft Internet Explorer VML textpath Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Apple macOS QuartzCore render_mask Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...
NetGain Systems Enterprise Manager deviceReport.deviceReport_005fexport_005fdo_jsp filename Directory Traversal Arbitrary File Overwrite Vulnerability
This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Bitdefender Internet Security Themida Emulator Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Microsoft Windows VBScript Join Function Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows Bitmap Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
Microsoft Windows ADO Recordset Update Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Reader DC XSLT attribute-set Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XSLT's...
Apple OS X AppleHSSPIHIDDriver Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Mozilla Firefox nsHTMLDocument SetBody Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Adobe Acrobat Pro DC DLL Planting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the handling of DLL search paths. In...
Adobe Flash Player AS2 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...
Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
Microsoft Internet Explorer CSVGSVGElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit ActiveX Pro SDK SetLogFile Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Foxit ActiveX Pro SDK ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
Microsoft Internet Explorer CInput onfocus Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Microsoft Internet Explorer CGeneratedContent Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own) Microsoft Windows Shared Data ASLR Security Feature Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the existence ...
Hewlett-Packard SiteScope SOAP Call runOMAgentCommand Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within APIBSMIntegrationImpl's processing of the runOMAgentCommand which can be invoked through...
Hewlett-Packard System Management iprange Parameter Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP System Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the iprange parameter when passed to /proxy/DataValidation in an...
Oracle Java mort TTF Table Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fontmanager...
Oracle Java NativeJavaConstructor Class Serialization Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to insufficient checks...
Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox...
Apple QuickTime RLE Sample Decoding Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the...
(0Day) FlexNet License Server Manager Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexnet License Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the license server manager which listens on TCP port 27000. There are multiple...
Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code...
(0Day) IBM Lotus Domino iCalendar Meeting Request Parsing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nrouter.exe service while processing a malformed calendar meeting...
Oracle Database and Enterprise Manager Grid Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Database 11g. Authentication is not required to exploit this vulnerability. The specific flaw exists within a JSP script exposed via an HTTPS server running by default on TCP port 1158. The...