Lucene search
K
ZdiMost viewed

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2017/07/11 12:0 a.m.•79 views

(Pwn2Own) Microsoft Windows D3DKMTCreateAllocation Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

6.9CVSS8.1AI score0.01159EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/07/11 12:0 a.m.•79 views

(Pwn2Own) Microsoft Windows CLFS Driver Uninitialized Memory Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Common Log...

6.9CVSS8.7AI score0.00972EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2010/12/23 12:0 a.m.•79 views

Rocket U2 Uni RPC Service Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of multiple products from multiple vendors that utilize the Uni RPC protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Uni RPC service...

10CVSS8.4AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/07 12:0 a.m.•78 views

Siemens Simcenter Femap modfem File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS4.6AI score0.01336EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
•added 2021/06/23 12:0 a.m.•78 views

VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VGAuthService...

7.8CVSS4.5AI score0.01382EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/05/03 12:0 a.m.•78 views

Microsoft Windows splwow64 Out-Of-Bounds Read Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the user-mode...

7.8CVSS4.7AI score0.01229EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/04/12 12:0 a.m.•78 views

LAquis SCADA Software Web Server Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of LAquis SCADA Software. Authentication is not required to exploit this vulnerability. The specific flaw exists within global processing of requests inside the web server. The issue results...

5CVSS2AI score0.08733EPSS
Exploits4References1
Zero Day Initiative
Zero Day Initiative
•added 2016/08/17 12:0 a.m.•78 views

PCRE Regular Expression Compilation Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PCRE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the compilation of regular...

5.1CVSS4AI score0.0843EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2016/07/21 12:0 a.m.•78 views

Oracle WebLogic JBoss Interceptors Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists in the use of JBoss Interceptors library. By sending a specially crafted request, the...

7.5CVSS5.6AI score0.91402EPSS
Exploits7References1
Zero Day Initiative
Zero Day Initiative
•added 2013/05/30 12:0 a.m.•78 views

Microsoft Internet Explorer CDOMTextNode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw is due to the way...

7.5CVSS2.1AI score0.20643EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/02/09 12:0 a.m.•77 views

Oracle WebLogic Server ForeignOpaqueReference JNDI Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ForeignOpaqueReference class. The issue results from the lack of proper...

9.8CVSS8.4AI score0.00857EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•77 views

Bentley View JT File Parsing Double Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT...

7.8CVSS4.1AI score0.01814EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/08/17 12:0 a.m.•77 views

(Pwn2Own) Zoom Heap based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zoom Clients. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of encrypted messages. The issue results from the lack of proper validation ...

7.3CVSS6.9AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/06/23 12:0 a.m.•77 views

Microsoft SharePoint WorkflowCompilerInternal Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the System.Workflow.ComponentModel.Compiler.WorkflowCompilerInternal class. This class...

7.5CVSS4AI score0.02962EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/23 12:0 a.m.•77 views

Autodesk FBX Review ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS4.2AI score0.5964EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/21 12:0 a.m.•77 views

Microsoft Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOC...

7.8CVSS4.3AI score0.04068EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/12/18 12:0 a.m.•77 views

NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

8.8CVSS1.7AI score0.08656EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/06/15 12:0 a.m.•77 views

(0Day) (Pwn2Own) NETGEAR R6700 UPnP SOAPAction Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message...

6.5CVSS4.1AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2017/08/01 12:0 a.m.•77 views

(Pwn2Own) Adobe Reader DC Collab documentToStream Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8CVSS3.2AI score0.05192EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/07/11 12:0 a.m.•77 views

Fatek Automation PLC Ethernet Module Configuration Tool Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fatek Automation PLC Ethernet Module Configuration Tool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

6.8CVSS4AI score0.04414EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2011/04/28 12:0 a.m.•77 views

Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability

This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Cisco Unified CM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Call Manager component. The system exposes an Apache...

7.5CVSS3.2AI score0.24822EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
•added 2022/02/15 12:0 a.m.•76 views

(Pwn2Own) Lexmark MC3224i Unprotected API Remote Code Execution Vulnerability

This vulnerability allows remote attackers to remove authentication on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within URL handling. The issue results from the lack of proper restriction to a URL. An...

9.6CVSS3.7AI score0.02432EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•76 views

Bentley MicroStation CONNECT BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS5.7AI score0.01878EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/22 12:0 a.m.•76 views

Oracle Business Intelligence UpdateConnectionServlet JNDI Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Business Intelligence. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateConnectionServlet class. The issue results from the lack of proper...

8.8CVSS3.7AI score0.35713EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/06/25 12:0 a.m.•76 views

Apple macOS AudioToolboxCore AAC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the AudioToolboxCore library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists with...

3.3CVSS4.1AI score0.00878EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/04/28 12:0 a.m.•76 views

Apple macOS AppleIntelKBLGraphics IOCTL 0x10003 Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of IOCTL...

7.8CVSS3.5AI score0.00578EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/09/08 12:0 a.m.•76 views

Cisco RV340 upload.cgi Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. T...

5.5CVSS3.2AI score0.02175EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/06/13 12:0 a.m.•76 views

Microsoft Windows PDF Library JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

6.8CVSS5.5AI score0.24243EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2016/08/09 12:0 a.m.•76 views

Microsoft Edge GetRefererUrl Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsof...

4.3CVSS0.7AI score0.15846EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2015/02/27 12:0 a.m.•76 views

(0Day) WebGate eDVR Manager WESPMonitor.WESPMonitorCtrl.1 LoadImage Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebGate eDVR Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.5CVSS8.7AI score0.2414EPSS
Exploits4References2
Zero Day Initiative
Zero Day Initiative
•added 2022/10/14 12:0 a.m.•75 views

Microsoft Word DOCX File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOCX...

7.8CVSS5.6AI score0.01509EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•75 views

Bentley MicroStation CONNECT JT File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS4.4AI score0.01911EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•75 views

Bentley MicroStation CONNECT 3DS File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8CVSS4.6AI score0.01961EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/01/31 12:0 a.m.•75 views

Bentley View DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN...

7.8CVSS5.1AI score0.01955EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/06/10 12:0 a.m.•75 views

(0Day) D-Link DAP-1330 HNAP Cookie Header Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Cookie HTTP header. The issue results from the lac...

8.8CVSS3.4AI score0.02333EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
•added 2021/01/27 12:0 a.m.•75 views

Trend Micro ServerProtect vsapiapp Memory Exhaustion Denial-Of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Trend Micro ServerProtect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

4.3CVSS2.5AI score0.00404EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2016/01/25 12:0 a.m.•75 views

Oracle Application Testing Suite Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function. This function has a list of URI entries which do not require authentication. Because the function only...

7.5CVSS7.7AI score0.92719EPSS
Exploits5References1
Zero Day Initiative
Zero Day Initiative
•added 2015/02/10 12:0 a.m.•75 views

Microsoft Windows WM_SYSTIMER Kernel Elevation of Privilege Vulnerability

This vulnerability allows local attackers to elevate to System privileges on vulnerable installations of Microsoft Windows. This vulnerability requires the ability to run arbitrary unprivileged code. The specific flaw exists within the handling of the WMSYSTIMER message. By malforming the window...

6.2CVSS6.5AI score0.04536EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
•added 2012/03/15 12:0 a.m.•75 views

Microsoft Remote Desktop Protocol Channel Abort Condition Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This...

10CVSS2.2AI score0.73924EPSS
Exploits11References1
Zero Day Initiative
Zero Day Initiative
•added 2012/01/25 12:0 a.m.•75 views

Symantec PCAnywhere awhost32 Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process liste...

9.7CVSS3.6AI score0.39308EPSS
Exploits10References1
Zero Day Initiative
Zero Day Initiative
•added 2010/02/09 12:0 a.m.•75 views

Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability

This vulnerability allows remote attackers to force a Microsoft Windows system to execute a given local executable. User interaction is required in that the target must access a malicious URL. The specific flaw exists within the ShellExecute API. Using a specially formatted URL an attacker can...

10CVSS2.9AI score0.33985EPSS
Exploits2References1
Zero Day Initiative
Zero Day Initiative
•added 2023/05/01 12:0 a.m.•74 views

Foxit PDF Reader exportXFAData Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportXFAData...

7.8CVSS6.9AI score0.46994EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/02/24 12:0 a.m.•74 views

Microsoft Windows win32kfull UMPD Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8CVSS8.6AI score0.00764EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/07/12 12:0 a.m.•74 views

Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO...

7.8CVSS5.2AI score0.01142EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2021/03/22 12:0 a.m.•74 views

(Pwn2Own) Synology DiskStation Manager iscsi_snapshot_comm_core Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Synology DS418play. Authentication is not required to exploit this vulnerability. The specific flaw exists within the iscsisnapshotcommcore service. The issue results from the lack of proper locking...

6.3CVSS2.3AI score0.03786EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2020/07/16 12:0 a.m.•74 views

Microsoft Windows fontdrvhost Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

6.3CVSS5.2AI score0.03951EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2017/05/10 12:0 a.m.•74 views

(Pwn2Own) Microsoft Chakra Array Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8CVSS2.3AI score0.16992EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2015/09/08 12:0 a.m.•74 views

Moxa SoftCMS IPCam.IPCam_Video_Render_Plugin.1 IVLCControl setStreamRecordData Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS8.8AI score0.02797EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2023/02/24 12:0 a.m.•73 views

Microsoft Exchange MultiValuedProperty Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the MultiValuedProperty class. The issue results from the exposure of a dangerous functio...

8.8CVSS8.7AI score0.62104EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2022/07/12 12:0 a.m.•73 views

X.Org Server ProcXkbSetGeometry Out-Of-Bounds Access Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

7.8CVSS3.9AI score0.00438EPSS
Exploits0References1
Total number of security vulnerabilities5000