16763 matches found
Foxit Studio Photo CR2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Foxit Studio Photo NEF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Oracle WebLogic Server T3 Protocol Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the T3 protocol. Crafted data in a T3 protocol message can trigge...
VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Apple macOS process_token_SetFence Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...
Microsoft Windows User Profile Service Arbitrary File Deletion Vulnerability
This vulnerability allows local attackers to delete arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within handling of the...
Apple macOS CoreGraphics JBIG2Bitmap Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreGraphics library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...
Foxit PhantomPDF Update Service Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PhantomPDF. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...
Foxit PhantomPDF U3DBrowser U3D Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Micro Focus Operations Bridge Reporter shrboadmin Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the creation of the shrboadmin user during installation. The...
SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
SAP 3D Visual Enterprise Viewer FBX File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
SAP 3D Visual Enterprise Viewer HPGL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Advantech iView NetworkServlet findSummaryCfgDeviceListExport Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the findSummaryCfgDeviceListExport method of the NetworkServl...
Advantech iView DeviceTreeTable exportInventoryTable Directory Traversal File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportInventoryTable method of the DeviceTreeTable class...
Adobe Acrobat Reader DC ESObject Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
Adobe Acrobat Pro DC convert Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
FreeBSD Kernel sendmsg System Call Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of FreeBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
Foxit PhantomPDF JSCreate Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Bridge MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of MP4...
ICONICS Genesis64 TestQuery SQL Injection Remote Code Execution Vulnerability
The vulnerablity allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the TestQuery endpoint of the IcoFwxServer service. The...
(Pwn2Own) ICONICS Genesis64 IcoFwxServer Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS Genesis64. Authentication is not required to exploit this vulnerability. The specific flaw exists with the handling of serialized objects. The issue results from the lack of proper validation...
(Pwn2Own) Rockwell Automation FactoryTalk View SE Backup Missing Authentication for Critical Function Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Rockwell Automation FactoryTalk View SE. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of project backups. The issue results from lack of...
(0Day) (Pwn2Own) Inductive Automation Ignition ServerMessageHeader Deserialization of Untrusted Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized data. The issue results in the lack of...
(Pwn2Own) Apple Safari In Operator JIT Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of...
Microsoft Internet Explorer JScript Garbage Collection Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
TP-Link TL-WA855RE login.json Improper Authentication Privilege Escalation Vulnerability
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of TP-Link TL-WA855RE Wi-Fi extenders. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...
Oracle VirtualBox D3D9 Shader Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle VirtualBox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling of D3D9...
Intel Wi-Fi Link Driver Netwtw06 Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Intel Wi-Fi Link Driver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of 802.11 frames. The issue results from the lack of...
Microsoft Windows KERNELBASE Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit Studio Photo EPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows ulGetNearestIndexFromColorref Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
(Pwn2Own) Xiaomi Mi9 Browser Untrusted Site Redirection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Xiaom...
IBM Spectrum Protect Plus changeAdministratorPassword Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework service. The issue results from the lack ...
Foxit Reader JPEG2000 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
Advantech WebAccess Node bwrunrpt Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within bwrunrpt.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs proces...
Adobe Photoshop PostScript callothersubr Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
Apple macOS parseSummaryInfo Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Mozilla Firefox Language Pack XUL Injection Sandbox Escape Vulnerability
This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists due to possibility of XUL...
Advantech WebAccess Node viewsrv Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Advantech WebAccess Node. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2715 IOCTL in the webvrpcs process. The issue resul...
Microsoft Windows DirectWrite Integer Overflow Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Word DOCX Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
(0Day) Hewlett Packard Enterprise Intelligent Management Center iccSelectRules Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
Apple Safari CSSFontFace Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Adobe Acrobat Pro DC ImageConversion JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Microsoft Windows Dxgkrnl Type Confusion Privilege Escalation Vulnerability
This vulnerability allows attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within D3DKMTRender. The issu...
Microsoft Exchange Server Voicemail Transcription Improper Access Control Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the conversion of voicemails to text. Due to improper access control, an attacker who h...
Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. An attacker must first obtain the ability to execute code on the guest OS in order to exploit this vulnerability. The specific flaw exists within the handling of the slirp networking. The issu...
Google Web Designer URI Parsing Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Web Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...
Advantech WebAccess Node BWSCADASoap PointListByPage SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Advantech WebAccess Node. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...