16763 matches found
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
Siemens Tecnomatix Plant Simulation WRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
Adobe Photoshop node_modules Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the...
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a...
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a...
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validati...
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper...
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper...
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validati...
Apple WebKit WebCore ContainerNode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of Text objects. The issue results from the lack of validating the existence o...
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of URLs in the web server module. The issue results from the...
Ivanti Endpoint Manager HIIDriver Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is...
Ivanti Avalanche SecureFilter Authentication Bypass Vulnerability
This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecureFilter class. The issue results from incorrect string matching when...
7-Zip Mark-of-the-Web Bypass Vulnerability
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Ivanti Avalanche Faces ResourceManager Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Faces Mojarra component. The issue results from the use of a vulnerable...
Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability
This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the allowPassThrough method. The issue results from...
Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the updateAssetInfo method. The issue results from the lack of...
Ivanti Endpoint Manager DecodeBase64Object Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. Alternatively, no user interaction is...
Ivanti Endpoint Manager Improper Input Validation AlertService Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper...
Ivanti Endpoint Manager AlertService Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper initializatio...
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper...
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper...
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper...
Ivanti Endpoint Manager AlertService Type Confusion Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Ivanti Endpoint Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...
Ivanti Endpoint Manager AlertService Improper Input Validation Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Endpoint Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AlertService. The issue results from the lack of proper...
Ivanti Endpoint Manager MyResolveEventHandler Untrusted Search Path Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the MyResolveEventHandler method. The issue results from loadi...
Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows...
Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...
(Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation o...
Mintty Path Conversion Improper Input Validation Information Disclosure Vulnerability
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of printed...
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the System Speedup...
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the System Speedup...
Apple macOS libFontValidation Font Glyph YCoordinate Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
Avira Prime System Speedup Service Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the System Speedup...
Apple macOS libFontValidation Font Glyph Flags Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
Apple macOS libFontValidation post Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
Apple macOS libFontValidation loca Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
Apple macOS libFontValidation Font Header Name Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
Apple macOS libFontValidation kern Table Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the libFontValidation library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Apple macOS CoreText Font Ligature Caret List Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
SonicWALL NSv setSshdConfig Exposed Dangerous Function Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL NSv. An attacker must first obtain the ability to execute low-privileged code on the target system or send a TCP packet to a local service in order to exploit this vulnerability. The specific...
SonicWALL NSv SSH Management Server-Side Request Forgery Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of SonicWALL NSv. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SSH...
SonicWALL NSv Cryptographically Weak PRNG Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation of cookies. The issue results from the use of a cryptographically weak...
Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The specific flaw exists within the Lua module. The issue results from the lack of validating the existence of an object prior t...
Redis Stack RedisBloom Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The specific flaw exists within the RedisBloom module. The issue results from the lack of proper validation of user-supplied dat...
SonicWALL NSv Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL NSv. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of Base64-encoded session cookies. The issue results from an incorrect...