16763 matches found
McAfee Total Protection Directory Junction Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Trend Micro OfficeScan Improper Access Control Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro OfficeScan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue...
Trend Micro Apex One Improper Access Control Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex One. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web console, which listens on TCP port 4343 by default. The issue resul...
Schneider Electric IGSS CGF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Siemens JT2Go JT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of JT...
SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
NETGEAR Multiple Routers mini_httpd Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit...
Apple macOS libFontParser TTF Font Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the RenderGlyp...
X.Org Server XRecordRegisterClients Integer Underflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
Apple macOS Kernel Command 0x10005 Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...
Micro Focus Operations Bridge Manager diagnostics Use of Hard-coded Credentials Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product's authentication mechanism. The product contains a...
SAP 3D Visual Enterprise Viewer SVG File XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
IBM Informix spatial Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of IBM Informix. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the spatial.bld module...
Foxit PhantomPDF GIF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GI...
VMware Workstation ThinPrint TTCHeader Integer Overflow Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
VMware Workstation ThinPrint JPEG2000 Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
Foxit Studio Photo PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Windows WalletService Race Condition Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Marvell QConvergeConsole getFileFromURL Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL...
Marvell QConvergeConsole Exposed Dangerous Method or Function Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat...
Marvell QConvergeConsole isHPSmartComponent Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Apple Safari getAnimations Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle VirtualBox e1000 Unintialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Oracle VirtualBox LsiLogicSCSI Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Oracle VirtualBox BusLogicSCSI Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...
Advantech iView ZTPConfig importZtpConfiguration Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig...
(0Day) (Pwn2Own) Rockwell Automation Studio 5000 AML File Parsing XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of AML files. Due to the improper restriction of XML...
VMware Workstation xHCI Isoch TD Out-Of-Bounds Write Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...
Microsoft SharePoint Server Web Part Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of Web Parts. When creating a SharePoint page, an attacker can uplo...
Microsoft Windows Media Foundation Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Media...
Microsoft Windows Media Player mpg2splt Integer Underflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Trend Micro InterScan Web Security Virtual Appliance Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the LogSettingHandler class. When parsing the mountdevi...
Foxit PhantomPDF AddWatermark Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of t...
Oracle VirtualBox xHCI Integer Overflow Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...
Foxit PhantomPDF U3DBrowser U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Oracle E-Business Suite Human Resources Organization Hierarchy Viewer PosServer SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Oracle E-Business Suite Human Resources. Authentication is required to exploit this vulnerability. The specific flaw exists within the Organization Hierarchy Viewer. The issue results from the lack of...
Oracle VirtualBox VBoxVGA VBoxVHWASurfaceBase Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VBoxVGA...
Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JET database...
Microsoft Windows Palette Object Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
IBM Spectrum Protect Plus plugin Directory Traversal File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of IBM Spectrum Protect Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative Console Framework service. The issue results from the lack ...
(Pwn2Own) TP-Link Archer A7 Protection Mechanism Failure Firewall Bypass Vulnerability
This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper filtering of IPv6 SS...
Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(Pwn2Own) Xiaomi Mi9 Browser manualUpgradeInfo Improper Control of Generation of Code Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing ...
Foxit Reader Annotations AcroForm Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form...
Google Android V4l2 cam_actuator_driver_cmd Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Google Android. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Microsoft Office Graph Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Graph COM...
Cisco Data Center Network Manager SecurityManager Hard-coded Cryptographic Key Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validation of SSO tokens of SOAP packets. The issue results from th...