Lucene search
K

16763 matches found

Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•32 views

D-Link DIR-X3260 prog.cgi SetMyDLinkRegistration Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•20 views

Trend Micro Apex Central modVulnerabilityProtect Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the modVulnerabilityProtect module. The issue results from the lack of prop...

9.1CVSS6.4AI score0.00553EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•21 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.11337EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•14 views

Ivanti Avalanche WLInfoRailService Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLInfoRailService. The issue results from the lack of proper validation of the leng...

9.8CVSS7.4AI score0.11337EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•23 views

D-Link DIR-X3260 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•17 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.06782EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•22 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.11337EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•24 views

D-Link DIR-X3260 prog.cgi SetWLanRadioSecurity Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•20 views

Ivanti Avalanche WLAvalancheService Divide By Zero Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper excepti...

7.5CVSS6.7AI score0.04148EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•22 views

D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8CVSS7.6AI score0.01155EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•27 views

D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

8CVSS7.6AI score0.01155EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•19 views

D-Link DIR-X3260 prog.cgi SetQuickVPNSettings Password Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•28 views

D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•25 views

Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...

7.2CVSS7.6AI score0.9019EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•27 views

D-Link DIR-X3260 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•20 views

D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•20 views

Ivanti Avalanche decode XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decode method. Due to the improper restriction of XML External Entity XXE...

6.5CVSS6.3AI score0.04004EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•25 views

D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server,...

8.8CVSS7.5AI score0.01315EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•26 views

D-Link DIR-X3260 prog.cgi SetIPv6PppoeSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01126EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•27 views

D-Link DIR-X3260 prog.cgi SetDynamicDNSSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

6.8CVSS7.5AI score0.01136EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•18 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.11337EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•28 views

Ivanti Avalanche validateAMCWSConnection Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validateAMCWSConnection method. The issue results from the lack of proper...

7.5CVSS6.2AI score0.82846EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•21 views

Ivanti Avalanche FileStoreConfig Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileStoreConfig app. The issue results from the lack of proper validation of...

7.2CVSS7.6AI score0.81884EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•13 views

Ivanti Avalanche WLAvalancheService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.06782EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•14 views

Ivanti Avalanche WLAvalancheService TV_FC Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper validation of the...

9.8CVSS7.4AI score0.11337EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•27 views

Ivanti Avalanche WLAvalancheService Integer Underflow Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WLAvalancheService. The issue results from the lack of proper...

7.5CVSS6.7AI score0.04148EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•22 views

Ivanti Avalanche SecureFilter allowPassThrough Authentication Bypass Vulnerability

This vulnerability allows remote attackers to partially bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the allowPassThrough method. The issue results from incorrect string matching...

7.3CVSS7AI score0.91EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/11 12:0 a.m.•27 views

Trend Micro Apex Central Cross-Site Scripting Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the Policy Management functionality. The issue results from the lack of proper...

5.4CVSS7.5AI score0.02434EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•23 views

Trend Micro Apex Central widget WFProxy Local File Inclusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of prope...

7.5CVSS7.5AI score0.04536EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•49 views

Microsoft Office Word FBX File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing ...

7.8CVSS6.8AI score0.0326EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•21 views

Trend Micro Apex One Security Agent Updater Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7CVSS7.5AI score0.00311EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•16 views

Trend Micro Apex One Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS7.5AI score0.00311EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•39 views

Microsoft Windows cldflt Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Only systems with long Win32 path support enabled...

7.8CVSS7.2AI score0.11509EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•17 views

Trend Micro Apex One Anti-Spyware Engine Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS7.5AI score0.00311EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•10 views

Foxit PDF Reader Doc Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of D...

7.8CVSS7.2AI score
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•26 views

Trend Micro Apex One Virus Scan Engine Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS7.5AI score0.00311EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/10 12:0 a.m.•23 views

Trend Micro Apex One Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

7.8CVSS7.5AI score0.00225EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/09 12:0 a.m.•245 views

Linux Kernel GSM Multiplexing Race Condition Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ngsm driver. The...

8.8CVSS7.5AI score0.00767EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/08 12:0 a.m.•16 views

Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP...

7.8CVSS7.2AI score0.0065EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/05 12:0 a.m.•33 views

Inductive Automation Ignition Base64Element Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the Base64Element class. The issue results from the lack of proper validation ...

7.2CVSS7.8AI score0.01846EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/05 12:0 a.m.•25 views

Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExtendedDocumentCodec class. The issue results from the lack of proper...

8.8CVSS7.8AI score0.55177EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/05 12:0 a.m.•26 views

Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the ResponseParser...

8.8CVSS7.5AI score0.01145EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/05 12:0 a.m.•22 views

Inductive Automation Ignition RunQuery Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the RunQuery class. The issue results from the lack of proper validation of...

8.8CVSS7.8AI score0.01501EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/05 12:0 a.m.•20 views

Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server. The specific flaw exists within the ResponseParser...

8.8CVSS7.5AI score0.01145EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•19 views

Kofax Power PDF OXPS File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.4AI score0.00497EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•16 views

Kofax Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP...

7.8CVSS7.2AI score0.00486EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•22 views

Kofax Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS...

7.8CVSS7.2AI score0.00541EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•18 views

Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00461EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•37 views

X.Org Server ProcXIChangeProperty Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

7.8CVSS7.7AI score0.0062EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
•added 2024/01/04 12:0 a.m.•16 views

Kofax Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3CVSS6.3AI score0.00461EPSS
Exploits0References1
Total number of security vulnerabilities16763