CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2016-8733 | An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8733 |
CVE-2017-7297 | Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-7297 |
CVE-2016-8718 | An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8718 |
CVE-2017-2827 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2827 |
CVE-2017-2828 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2828 |
CVE-2017-2841 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2841 |
CVE-2017-2842 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2842 |
CVE-2017-2843 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2843 |
CVE-2017-2844 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2844 |
CVE-2017-2845 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2845 |
CVE-2017-2846 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2846 |
CVE-2017-2847 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2847 |
CVE-2017-2848 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2848 |
CVE-2017-2849 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2849 |
CVE-2017-2850 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2850 |
CVE-2017-2814 | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker-controlled PDF file can be used to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2814 |
CVE-2017-2818 | An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2818 |
CVE-2017-2820 | An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2820 |
CVE-2017-2821 | An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perceptive Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2821 |
CVE-2017-2822 | An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2822 |
CVE-2017-2816 | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2816 |
CVE-2017-2887 | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted XCF file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2887 |
CVE-2017-2888 | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2888 |
CVE-2017-11292 | Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-11292 |
CVE-2017-2866 | An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2866 |
CVE-2017-2881 | An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2881 |
CVE-2017-2890 | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2890 |
CVE-2017-2916 | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2916 |
CVE-2017-2917 | An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2917 |
CVE-2018-3835 | An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3835 |
CVE-2018-3839 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3839 |
CVE-2018-3846 | In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3846 |
CVE-2018-3848 | In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3848 |
CVE-2018-3849 | In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3849 |
CVE-2017-2871 | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2871 |
CVE-2018-3842 | An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3842 |
CVE-2018-3843 | An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3843 |
CVE-2017-14458 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14458 |
CVE-2018-3850 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3850 |
CVE-2016-8382 | An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8382 |
CVE-2016-8383 | An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious doc file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8383 |
CVE-2016-8384 | An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8384 |
CVE-2017-12108 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12108 |
CVE-2017-12109 | An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12109 |
CVE-2017-12122 | An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12122 |
CVE-2017-14440 | An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14440 |
CVE-2017-14441 | An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14441 |
CVE-2017-14442 | An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14442 |
CVE-2017-14448 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14448 |
CVE-2017-14449 | A double-free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a double-free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14449 |
CVE-2017-2923 | An exploitable heap-based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2923 |
CVE-2017-2924 | An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2924 |
CVE-2017-12120 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parameter in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12120 |
CVE-2017-12121 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey_name= parameter in the "/goform/WebRSAKEYGen" URI to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12121 |
CVE-2017-12123 | An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12123 |
CVE-2017-12125 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parameter in the "/goform/net_WebCSRGen" URI to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12125 |
CVE-2017-12126 | An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12126 |
CVE-2017-14432 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14432 |
CVE-2017-14433 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14433 |
CVE-2017-14434 | An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net_Web_get_value" URI to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14434 |
CVE-2018-0387 | A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-0387 |
CVE-2018-3847 | Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3847 |
CVE-2017-14453 | On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14453 |
CVE-2017-14455 | On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14455 |
CVE-2017-16337 | On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-16337 |
CVE-2018-3879 | An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3879 |
CVE-2017-14452 | An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14452 |
CVE-2018-3893 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3893 |
CVE-2018-3895 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3895 |
CVE-2018-3952 | An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3952 |
CVE-2018-4010 | An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4010 |
CVE-2016-9044 | An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1. A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9044 |
CVE-2018-3896 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3896 |
CVE-2018-3897 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3897 |
CVE-2018-3875 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3875 |
CVE-2018-3882 | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3882 |
CVE-2018-3883 | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameters can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3883 |
CVE-2018-3884 | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameters can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3884 |
CVE-2018-3885 | An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3885 |
CVE-2016-9045 | A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9045 |
CVE-2018-3864 | An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3864 |
CVE-2018-3865 | An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3865 |
CVE-2018-3873 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3873 |
CVE-2018-3874 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3874 |
CVE-2018-3876 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3876 |
CVE-2018-3877 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3877 |
CVE-2018-3894 | An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3894 |
CVE-2018-3900 | An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3900 |
CVE-2018-3977 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3977 |
CVE-2018-19277 | securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-19277 |
CVE-2018-3950 | An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3950 |
CVE-2018-20545 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20545 |
CVE-2018-20548 | There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20548 |
CVE-2018-20549 | There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20549 |
CVE-2018-20321 | An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20321 |
CVE-2018-4017 | An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4017 |
CVE-2019-9858 | Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which use unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter probably went unnoticed because it's never submitted by the forms, which default to securely using a random path.) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-9858 |
CVE-2019-12274 | In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12274 |
CVE-2019-12303 | In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12303 |
CVE-2019-7845 | Adobe Flash Player versions 32.0.0.192 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7845 |
CVE-2019-11409 | app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11409 |
CVE-2019-5051 | An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5051 |
CVE-2019-5052 | An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5052 |
CVE-2018-14550 | An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-14550 |
CVE-2019-12325 | The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12325 |
CVE-2019-5057 | An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5057 |
CVE-2019-5058 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5058 |
CVE-2019-5059 | An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5059 |
CVE-2019-5060 | An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5060 |
CVE-2019-5038 | An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5038 |
CVE-2019-5039 | An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5039 |
CVE-2019-5032 | An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5032 |
CVE-2019-5033 | An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5033 |
CVE-2019-5041 | An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5041 |
CVE-2019-5069 | A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5069 |
CVE-2019-5042 | An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5042 |
CVE-2019-5031 | An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5031 |
CVE-2019-14287 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14287 |
CVE-2019-5114 | An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5114 |
CVE-2019-5116 | An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5116 |
CVE-2019-5117 | Exploitable SQL injection vulnerabilities exist in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5117 |
CVE-2019-5119 | An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5119 |
CVE-2019-5120 | An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5120 |
CVE-2019-5121 | SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with the parameter uuid in /objects/pluginSwitch.json.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5121 |
CVE-2019-5122 | SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with the parameter name in /objects/pluginSwitch.json.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5122 |
CVE-2019-5123 | Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with the parameter dir in /objects/pluginSwitch.json.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5123 |
CVE-2019-5030 | A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5030 |
CVE-2019-5086 | An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5086 |
CVE-2019-5087 | An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, which could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5087 |
CVE-2019-5076 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5076 |
CVE-2019-5083 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5083 |
CVE-2019-5109 | Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5109 |
CVE-2019-5110 | Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5110 |
CVE-2019-5111 | An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat were confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5111 |
CVE-2019-5112 | An exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status were confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access to the underlying operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5112 |
CVE-2019-5132 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5132 |
CVE-2019-5133 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5133 |
CVE-2019-5092 | An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5092 |
CVE-2019-5154 | An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5154 |
CVE-2019-5144 | An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5144 |
CVE-2019-5063 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5063 |
CVE-2019-5064 | An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5064 |
CVE-2019-5126 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5126 |
CVE-2019-5130 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5130 |
CVE-2019-5131 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5131 |
CVE-2019-5145 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5145 |
CVE-2020-6063 | An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6063 |
CVE-2020-6064 | An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6064 |
CVE-2020-6065 | An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6065 |
CVE-2020-6066 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6066 |
CVE-2020-6067 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6067 |
CVE-2020-6069 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6069 |
CVE-2019-5187 | An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5187 |
CVE-2020-6068 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6068 |
CVE-2019-5136 | An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5136 |
CVE-2019-5140 | An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5140 |
CVE-2019-5141 | An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5141 |
CVE-2019-5143 | An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5143 |
CVE-2019-5153 | An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5153 |
CVE-2019-5162 | An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5162 |
CVE-2020-4272 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specifying a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4272 |
CVE-2020-7351 | An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-7351 |
CVE-2020-6075 | An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6075 |
CVE-2020-6076 | An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6076 |
CVE-2020-6082 | An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6082 |
CVE-2020-6094 | An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6094 |
CVE-2020-6081 | An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6081 |
CVE-2020-6110 | An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6110 |
CVE-2020-6145 | An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6145 |
CVE-2020-6117 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6117 |
CVE-2020-6118 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6118 |
CVE-2020-6119 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6119 |
CVE-2020-6120 | SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6120 |
CVE-2020-6121 | SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6121 |
CVE-2020-6122 | SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6122 |
CVE-2020-6123 | An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6123 |
CVE-2020-6129 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6129 |
CVE-2020-6130 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6130 |
CVE-2020-6131 | SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6131 |
CVE-2020-6124 | An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6124 |
CVE-2020-6125 | An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6125 |
CVE-2020-6126 | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6126 |
CVE-2020-6127 | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6127 |
CVE-2020-6128 | SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6128 |
CVE-2020-6132 | SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6132 |
CVE-2020-6133 | SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6133 |
CVE-2020-6134 | SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6134 |
CVE-2020-6135 | An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6135 |
CVE-2020-6136 | An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6136 |
CVE-2020-6146 | An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6146 |
CVE-2020-13531 | A use-after-free vulnerability exists in the way Pixar OpenUSD 20.08 processes reference paths in textual USD files. A specially crafted file can trigger the reuse of freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13531 |
CVE-2020-13543 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13543 |
CVE-2020-13584 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13584 |
CVE-2020-13525 | The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13525 |
CVE-2020-13526 | SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13526 |
CVE-2020-13512 | A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13512 |
CVE-2020-13513 | A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13513 |
CVE-2020-13514 | A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13514 |
CVE-2020-13515 | A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13515 |
CVE-2020-13519 | A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13519 |
CVE-2020-13557 | A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13557 |
CVE-2020-13560 | A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13560 |
CVE-2020-13570 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13570 |
CVE-2020-13547 | A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13547 |
CVE-2020-13541 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13541 |
CVE-2021-1257 | A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1257 |
CVE-2020-13569 | A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13569 |
CVE-2020-13586 | A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13586 |
CVE-2020-13548 | In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13548 |
CVE-2020-13561 | An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13561 |
CVE-2020-13571 | An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13571 |
CVE-2020-13572 | A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13572 |
CVE-2020-13585 | An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13585 |
CVE-2020-13551 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13551 |
CVE-2020-13552 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13552 |
CVE-2020-13553 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13553 |
CVE-2020-13555 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13555 |
CVE-2020-13558 | A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13558 |
CVE-2021-21480 | SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating systems commands completely compromising the server hosting the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21480 |
CVE-2021-21782 | An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21782 |
CVE-2020-13587 | An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13587 |
CVE-2020-13591 | An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13591 |
CVE-2020-13592 | An exploitable SQL injection vulnerability exists in the "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13592 |
CVE-2020-13566 | SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13566 |
CVE-2020-13568 | SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13568 |
CVE-2020-27226 | An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27226 |
CVE-2020-27229 | A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27229 |
CVE-2020-27230 | A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27230 |
CVE-2020-27231 | A number of exploitable SQL injection vulnerabilities exist in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27231 |
CVE-2020-27232 | An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27232 |
CVE-2020-27242 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27242 |
CVE-2020-27243 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27243 |
CVE-2020-27244 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27244 |
CVE-2020-27245 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27245 |
CVE-2020-27246 | An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27246 |
CVE-2021-21787 | A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21787 |
CVE-2021-21788 | A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21788 |
CVE-2021-21789 | A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21789 |
CVE-2021-21775 | A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21775 |
CVE-2021-21807 | An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21807 |
CVE-2021-21779 | A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21779 |
CVE-2021-21793 | An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21793 |
CVE-2021-21806 | An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21806 |
CVE-2021-21831 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21831 |
CVE-2021-21870 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21870 |
CVE-2021-21893 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21893 |
CVE-2020-28589 | An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28589 |
CVE-2021-21859 | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21859 |
CVE-2021-21860 | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21860 |
CVE-2021-21861 | An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21861 |
CVE-2020-13588 | An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in the ‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13588 |
CVE-2020-13589 | An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the ‘entities/fields’ page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability; this can be done either with administrator credentials or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13589 |
CVE-2021-21837 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21837 |
CVE-2021-21838 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21838 |
CVE-2021-21839 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21839 |
CVE-2021-21843 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21843 |
CVE-2021-21844 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21844 |
CVE-2021-21845 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21845 |
CVE-2021-21846 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21846 |
CVE-2021-21847 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21847 |
CVE-2021-21851 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21851 |
CVE-2021-21852 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21852 |
CVE-2021-21853 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21853 |
CVE-2021-21854 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21854 |
CVE-2021-21855 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21855 |
CVE-2021-21856 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21856 |
CVE-2021-21857 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21857 |
CVE-2021-21858 | Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21858 |
CVE-2021-21834 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21834 |
CVE-2021-21835 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgp” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21835 |
CVE-2021-21836 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21836 |
CVE-2021-21840 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21840 |
CVE-2021-21841 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21841 |
CVE-2021-21842 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21842 |
CVE-2021-21848 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21848 |
CVE-2021-21849 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21849 |
CVE-2021-21850 | An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21850 |
CVE-2020-35633 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35633 |
CVE-2020-35634 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35634 |
CVE-2020-35635 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35635 |
CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21897 |
CVE-2017-5123 | Insufficient data validation in waitid allowed a user to escape sandboxes on Linux. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-5123 |
CVE-2021-21899 | A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21899 |
CVE-2021-21900 | A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21900 |
CVE-2021-21898 | A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21898 |
CVE-2021-21957 | A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21957 |
CVE-2021-21879 | A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21879 |
CVE-2021-21882 | An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21882 |
CVE-2021-21901 | A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21901 |
CVE-2021-21915 | An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21915 |
CVE-2021-21917 | An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21917 |
CVE-2021-21918 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21918 |
CVE-2021-21919 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21919 |
CVE-2021-21920 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21920 |
CVE-2021-21921 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21921 |
CVE-2021-21922 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21922 |
CVE-2021-21923 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21923 |
CVE-2021-21924 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21924 |
CVE-2021-21925 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21925 |
CVE-2021-21927 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21927 |
CVE-2021-21928 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21928 |
CVE-2021-21929 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21929 |
CVE-2021-21930 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21930 |
CVE-2021-21931 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21931 |
CVE-2021-21932 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21932 |
CVE-2021-21933 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21933 |
CVE-2021-21934 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21934 |
CVE-2021-21935 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21935 |
CVE-2021-21936 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21936 |
CVE-2021-21937 | A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21937 |
CVE-2022-23307 | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23307 |
CVE-2021-40413 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40413 |
CVE-2021-40414 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40414 |
CVE-2021-40416 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40416 |
CVE-2021-40420 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40420 |
CVE-2022-22150 | A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22150 |
CVE-2022-0098 | Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0098 |
CVE-2022-0099 | Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0099 |
CVE-2022-0100 | Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0100 |
CVE-2022-0101 | Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0101 |
CVE-2022-0102 | Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0102 |
CVE-2022-0103 | Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0103 |
CVE-2022-0104 | Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0104 |
CVE-2022-0105 | Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0105 |
CVE-2022-0106 | Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0106 |
CVE-2022-0107 | Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0107 |
CVE-2022-0115 | Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0115 |
CVE-2022-23176 | WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23176 |
CVE-2022-25600 | Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25600 |
CVE-2022-27223 | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27223 |
CVE-2022-23346 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23346 |
CVE-2022-23349 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23349 |
CVE-2022-27435 | An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27435 |
CVE-2022-23732 | A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23732 |
CVE-2021-45891 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4 that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45891 |
CVE-2021-39114 | Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39114 |
CVE-2021-38834 | easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38834 |
CVE-2022-26630 | Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \\app.\\admin\\Controllers\\db.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26630 |
CVE-2022-24780 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24780 |
CVE-2022-26110 | An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26110 |
CVE-2021-24009 | Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24009 |
CVE-2021-44169 | An improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows an attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44169 |
CVE-2021-26116 | An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26116 |
CVE-2022-20763 | A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20763 |
CVE-2022-26605 | eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26605 |
CVE-2020-27373 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27373 |
CVE-2020-27376 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27376 |
CVE-2022-26627 | Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26627 |
CVE-2021-43430 | An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43430 |
CVE-2022-0935 | Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0935 |
CVE-2022-23972 | ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete the database. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23972 |
CVE-2022-23973 | ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23973 |
CVE-2022-25596 | ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25596 |
CVE-2022-25597 | ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25597 |
CVE-2022-26670 | D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26670 |
CVE-2021-36202 | Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions prior to 10.1.5; All 11 versions prior to 11.0.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36202 |
CVE-2022-27064 | Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27064 |
CVE-2022-27346 | Ecommerce-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27346 |
CVE-2022-27352 | Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27352 |
CVE-2022-27992 | Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27992 |
CVE-2022-28000 | Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28000 |
CVE-2021-41715 | libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41715 |
CVE-2022-27044 | libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27044 |
CVE-2022-27046 | libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in libsixel/src/dither.c:388. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27046 |
CVE-2020-4668 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4668 |
CVE-2021-40656 | libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40656 |
CVE-2022-24428 | Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24428 |
CVE-2022-26180 | qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26180 |
CVE-2021-32156 | A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32156 |
CVE-2021-32159 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32159 |
CVE-2021-32162 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32162 |
CVE-2021-40219 | Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40219 |
CVE-2022-0999 | An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0999 |
CVE-2022-22572 | A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22572 |
CVE-2022-25753 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25753 |
CVE-2022-25754 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25754 |
CVE-2022-28661 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28661 |
CVE-2022-23257 | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23257 |
CVE-2022-23259 | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23259 |
CVE-2022-24487 | Windows Local Security Authority (LSA) Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24487 |
CVE-2022-24492 | Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24528, CVE-2022-26809. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24492 |
CVE-2022-24500 | Windows SMB Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24500 |
CVE-2022-24528 | Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24528 |
CVE-2022-24541 | Windows Server Service Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24541 |
CVE-2022-21442 | Vulnerability in Oracle GoldenGate (component: OGG Core Library). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21442 |
CVE-2018-3911 | An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2018-3911 |
CVE-2018-3907 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2018-3907 |
CVE-2018-3909 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2018-3909 |
CVE-2017-2795 | An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2017-2795 |
CVE-2021-25220 | BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-25220 |
CVE-2022-21430 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21430 |
CVE-2019-9503 | The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-9503 |
CVE-2022-24475 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24475 |
CVE-2022-21424 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). The supported version that is affected is 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21424 |
CVE-2016-9050 | An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2016-9050 |
CVE-2017-2895 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2895 |
CVE-2018-3906 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3906 |
CVE-2018-3915 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3915 |
CVE-2020-6059 | An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-6059 |
CVE-2021-20233 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-20233 |
CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-44224 |
CVE-2022-21796 | A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21796 |
CVE-2021-21965 | A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21965 |
CVE-2022-21824 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21824 |
CVE-2022-1235 | Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1235 |
CVE-2022-21446 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21446 |
CVE-2022-21464 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools and unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21464 |
CVE-2016-8331 | An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-8331 |
CVE-2016-8706 | An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-8706 |
CVE-2016-8712 | An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-8712 |
CVE-2017-2784 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2784 |
CVE-2017-2882 | An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2882 |
CVE-2017-2883 | An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2883 |
CVE-2017-2914 | An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2914 |
CVE-2017-4995 | An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-4995 |
CVE-2017-12112 | An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-12112 |
CVE-2017-12115 | An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-12115 |
CVE-2017-12117 | An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-12117 |
CVE-2017-12113 | An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-12113 |
CVE-2017-12116 | An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-12116 |
CVE-2017-12118 | An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-12118 |
CVE-2017-2835 | An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2835 |
CVE-2017-2815 | An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2815 |
CVE-2018-10887 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10887 |
CVE-2017-16349 | An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-16349 |
CVE-2017-2854 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2854 |
CVE-2017-2856 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2856 |
CVE-2017-2857 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2857 |
CVE-2017-2855 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2855 |
CVE-2018-3947 | An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3947 |
CVE-2018-4015 | An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-4015 |
CVE-2018-20546 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-20546 |
CVE-2018-20547 | There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-20547 |
CVE-2018-4012 | An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-4012 |
CVE-2018-3956 | An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3956 |
CVE-2019-6287 | In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-6287 |
CVE-2019-5018 | An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-5018 |
CVE-2019-12728 | Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-12728 |
CVE-2019-10101 | JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-10101 |
CVE-2019-15637 | Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-15637 |
CVE-2020-7982 | An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-7982 |
CVE-2020-6096 | An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-6096 |
CVE-2020-8625 | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-8625 |
CVE-2021-21772 | A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21772 |
CVE-2020-28593 | An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-28593 |
CVE-2021-21941 | A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21941 |
CVE-2021-21902 | An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21902 |
CVE-2021-21909 | Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21909 |
CVE-2021-21953 | An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21953 |
CVE-2021-21959 | A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21959 |
CVE-2021-21962 | A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21962 |
CVE-2021-21969 | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21969 |
CVE-2021-21970 | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21970 |
CVE-2022-0114 | Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0114 |
CVE-2022-24801 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24801 |
CVE-2022-1213 | SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1213 |
CVE-2021-41245 | Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41245 |
CVE-2021-45103 | An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45103 |
CVE-2022-20774 | A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20774 |
CVE-2021-46416 | Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46416 |
CVE-2022-22515 | A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22515 |
CVE-2022-23970 | ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23970 |
CVE-2022-23971 | ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23971 |
CVE-2022-24821 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allows anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue; administrators should upgrade their wiki. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24821 |
CVE-2021-43442 | A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-43442 |
CVE-2022-24815 | JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected. Users who have generated a microservice Gateway using the affected version may be impacted as Gateways are reactive by default. Currently, SQL injection is possible in the findAllBy(Pageable pageable, Criteria criteria) method of an entity repository class generated in these applications as the where clause using Criteria for queries is not sanitized and user input is passed on as it is by the criteria. This issue has been patched in v7.8.1. Users unable to upgrade should be careful when combining criteria and conditions as the root of the issue lies in the `EntityManager.java` class when creating the where clause via `Conditions.just(criteria.toString())`. `just` accepts the literal string provided. Criteria's `toString` method returns a plain string and this combination is vulnerable to SQL injection as the string is not sanitized and will contain whatever the user passed as input using any plain SQL. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24815 |
CVE-2022-24827 | Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the '-' character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments ('--') and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24827 |
CVE-2022-0141 | The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0141 |
CVE-2022-24490 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24539, CVE-2022-26783, CVE-2022-26785. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24490 |
CVE-2022-24539 | Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-26783, CVE-2022-26785. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24539 |
CVE-2022-24545 | Windows Kerberos Remote Code Execution Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24545 |
CVE-2022-26919 | Windows LDAP Remote Code Execution Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26919 |
CVE-2022-21404 | Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Helidon. Successful attacks of this vulnerability can result in takeover of Helidon. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21404 |
CVE-2022-21497 | Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Services Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Services Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21497 |
CVE-2017-2915 | An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and set up an access point reachable by the device to trigger this vulnerability. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2915 |
CVE-2017-12129 | An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12129 |
CVE-2018-3910 | An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3910 |
CVE-2020-2196 | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2196 |
CVE-2021-22127 | An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-22127 |
CVE-2021-43483 | An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43483 |
CVE-2022-26413 | A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26413 |
CVE-2022-24472 | Microsoft SharePoint Server Spoofing Vulnerability. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24472 |
CVE-2022-24533 | Remote Desktop Protocol Remote Code Execution Vulnerability. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24533 |
CVE-2016-1575 | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1575 |
CVE-2016-1576 | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1576 |
CVE-2016-2853 | The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-2853 |
CVE-2016-8332 | A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8332 |
CVE-2016-8333 | An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8333 |
CVE-2016-8335 | An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8335 |
CVE-2016-9031 | An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9031 |
CVE-2016-8710 | An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8710 |
CVE-2016-8709 | A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8709 |
CVE-2016-8711 | A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8711 |
CVE-2016-8713 | A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8713 |
CVE-2016-2568 | pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-2568 |
CVE-2017-2791 | JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2791 |
CVE-2016-8385 | An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8385 |
CVE-2016-8386 | An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8386 |
CVE-2016-8387 | An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8387 |
CVE-2016-8388 | An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8388 |
CVE-2016-8389 | An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initialize the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8389 |
CVE-2016-8715 | An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8715 |
CVE-2017-6060 | Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-6060 |
CVE-2017-2775 | An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2775 |
CVE-2017-2783 | An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2783 |
CVE-2017-2793 | An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2793 |
CVE-2017-2794 | An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2794 |
CVE-2017-2797 | An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2797 |
CVE-2017-2798 | An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2798 |
CVE-2017-2799 | An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2799 |
CVE-2017-2817 | A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2817 |
CVE-2017-2819 | An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2819 |
CVE-2017-2823 | A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2823 |
CVE-2017-2813 | An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. The vulnerability can be triggered by viewing the image via the application or by using the thumbnailing feature of IrfanView. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2813 |
CVE-2017-2863 | An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2863 |
CVE-2017-2779 | An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2779 |
CVE-2017-2807 | An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2807 |
CVE-2017-2808 | An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2808 |
CVE-2017-2862 | An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2862 |
CVE-2017-2870 | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2870 |
CVE-2017-2809 | An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2809 |
CVE-2017-12106 | A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12106 |
CVE-2017-2880 | A memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .GIF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2880 |
CVE-2017-2920 | A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2920 |
CVE-2017-12110 | An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12110 |
CVE-2017-12111 | An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12111 |
CVE-2017-2896 | An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2896 |
CVE-2017-2897 | An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2897 |
CVE-2017-2919 | An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2919 |
CVE-2017-2886 | A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2886 |
CVE-2018-3886 | A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3886 |
CVE-2018-3887 | A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3887 |
CVE-2018-3888 | A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3888 |
CVE-2018-3861 | A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3861 |
CVE-2018-3862 | A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3862 |
CVE-2018-3868 | A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3868 |
CVE-2018-3889 | A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3889 |
CVE-2016-8728 | An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause an out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. The victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8728 |
CVE-2016-8729 | An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8729 |
CVE-2016-8730 | An out of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Corel PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8730 |
CVE-2016-8732 | Multiple security flaws exist in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8732 |
CVE-2016-9038 | An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9038 |
CVE-2016-9043 | An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific EMF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9043 |
CVE-2017-12081 | An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12081 |
CVE-2017-12082 | An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12082 |
CVE-2017-12086 | An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12086 |
CVE-2017-12099 | An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12099 |
CVE-2017-12100 | An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12100 |
CVE-2017-12101 | An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12101 |
CVE-2017-12102 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12102 |
CVE-2017-12103 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12103 |
CVE-2017-12104 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12104 |
CVE-2017-12105 | An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12105 |
CVE-2017-12107 | A memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12107 |
CVE-2017-2803 | A remote out-of-bounds write vulnerability exists in the TIFF parsing functionality of Corel PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2803 |
CVE-2017-2804 | A remote out-of-bounds write vulnerability exists in the TIFF parsing functionality of Corel PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2804 |
CVE-2017-2811 | A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2811 |
CVE-2017-2812 | A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2812 |
CVE-2017-2840 | A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2840 |
CVE-2017-2899 | An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2899 |
CVE-2017-2900 | An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2900 |
CVE-2017-2901 | An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2901 |
CVE-2017-2902 | An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2902 |
CVE-2017-2903 | An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2903 |
CVE-2017-2904 | An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2904 |
CVE-2017-2905 | An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2905 |
CVE-2017-2906 | An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2906 |
CVE-2017-2907 | An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2907 |
CVE-2017-2908 | An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2908 |
CVE-2017-2918 | An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2918 |
CVE-2018-3836 | An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3836 |
CVE-2018-3844 | In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3844 |
CVE-2018-3845 | In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3845 |
CVE-2018-3851 | In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality. A crafted .doc document can lead to a stack-based buffer overflow, resulting in direct code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3851 |
CVE-2018-3855 | In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3855 |
CVE-2016-8390 | An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8390 |
CVE-2018-3853 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3853 |
CVE-2018-3929 | An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3929 |
CVE-2018-3930 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3930 |
CVE-2018-3931 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3931 |
CVE-2018-3932 | An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3932 |
CVE-2018-3933 | An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3933 |
CVE-2018-3936 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3936 |
CVE-2018-3857 | An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3857 |
CVE-2018-3858 | An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3858 |
CVE-2018-3859 | An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3859 |
CVE-2018-3860 | An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3860 |
CVE-2018-3870 | An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3870 |
CVE-2018-3871 | An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3871 |
CVE-2018-3921 | A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3921 |
CVE-2018-3922 | A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3922 |
CVE-2018-3923 | A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3923 |
CVE-2018-3924 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3924 |
CVE-2018-3939 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3939 |
CVE-2018-5546 | The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS run as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-5546 |
CVE-2018-3912 | On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3912 |
CVE-2018-3916 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3916 |
CVE-2017-2777 | An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted PDF file can cause an integer overflow resulting in a heap overflow. An attacker can send a file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2777 |
CVE-2018-3914 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3914 |
CVE-2018-3975 | An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor version 3.2.6. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3975 |
CVE-2018-3978 | An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3978 |
CVE-2018-3981 | An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3981 |
CVE-2018-3982 | An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlantis from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bounds index which can result in arbitrary data being read as a pointer. Later, when the application attempts to write to said pointer, an arbitrary write will occur. This can allow an attacker to further corrupt memory, which leads to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3982 |
CVE-2018-3984 | An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3984 |
CVE-2018-3998 | An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3998 |
CVE-2018-3999 | An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3999 |
CVE-2018-4000 | An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4000 |
CVE-2018-4001 | An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later dereferenced and then written to allow for controlled heap corruption, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4001 |
CVE-2018-3943 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3943 |
CVE-2018-3944 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3944 |
CVE-2018-3957 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3957 |
CVE-2018-3958 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3958 |
CVE-2018-3959 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3959 |
CVE-2018-3960 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3960 |
CVE-2018-3961 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3961 |
CVE-2018-3946 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3946 |
CVE-2018-3964 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3964 |
CVE-2018-3965 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3965 |
CVE-2018-3966 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3966 |
CVE-2018-3967 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3967 |
CVE-2018-3993 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3993 |
CVE-2018-3994 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3994 |
CVE-2018-3995 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3995 |
CVE-2018-3940 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3940 |
CVE-2018-3941 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3941 |
CVE-2018-3942 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3942 |
CVE-2018-3945 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3945 |
CVE-2018-3992 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3992 |
CVE-2018-3996 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3996 |
CVE-2018-3997 | An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3997 |
CVE-2018-3971 | An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data to an address controlled by an attacker, resulting in memory corruption. An attacker can send an IRP request to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3971 |
CVE-2018-4022 | A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4022 |
CVE-2018-4038 | An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4038 |
CVE-2018-4039 | An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4039 |
CVE-2018-4040 | An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4040 |
CVE-2018-3990 | An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3990 |
CVE-2018-3973 | An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3973 |
CVE-2018-3976 | An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3976 |
CVE-2018-3980 | An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3980 |
CVE-2018-4054 | A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4054 |
CVE-2019-5015 | A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5015 |
CVE-2018-3969 | An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3969 |
CVE-2018-4050 | An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4050 |
CVE-2018-3974 | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3974 |
CVE-2018-4049 | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4049 |
CVE-2018-4008 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4008 |
CVE-2018-4009 | An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4009 |
CVE-2018-4005 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4005 |
CVE-2018-4006 | An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4006 |
CVE-2019-11354 | The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11354 |
CVE-2018-4048 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4048 |
CVE-2019-12802 | In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12802 |
CVE-2019-13602 | An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13602 |
CVE-2019-13104 | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-13104 |
CVE-2019-5045 | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5045 |
CVE-2019-5046 | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5046 |
CVE-2019-5047 | An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5047 |
CVE-2019-5048 | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5048 |
CVE-2019-5050 | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5050 |
CVE-2019-5053 | An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5053 |
CVE-2019-5012 | An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5012 |
CVE-2019-5013 | An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5013 |
CVE-2018-3983 | An exploitable uninitialized pointer vulnerability exists in the Word document parser of the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3983 |
CVE-2019-5088 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. An attacker can trigger this vulnerability by sending the user a specially crafted BMP file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5088 |
CVE-2019-5089 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5089 |
CVE-2019-5084 | An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5084 |
CVE-2019-5099 | An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5099 |
CVE-2019-5100 | An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5100 |
CVE-2019-5125 | An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out-of-bounds write of a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5125 |
CVE-2019-2214 | In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-136210786. References: Upstream kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-2214 |
CVE-2019-5071 | An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 post parameters, resulting in code execution. An attacker can send an HTTP POST request with a command to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5071 |
CVE-2019-5072 | An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS2 post parameters, resulting in code execution. An attacker can send an HTTP POST request with a command to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5072 |
CVE-2019-5164 | An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5164 |
CVE-2020-9362 | The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9362 |
CVE-2020-9363 | The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9363 |
CVE-2020-6074 | An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6074 |
CVE-2020-6092 | An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, the victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6092 |
CVE-2020-6089 | An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6089 |
CVE-2020-6070 | An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6070 |
CVE-2020-24346 | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24346 |
CVE-2020-6152 | A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6152 |
CVE-2020-6112 | An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile, which allows the decoder to write out-of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6112 |
CVE-2020-6113 | An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6113 |
CVE-2020-6115 | An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later, when the application tries to reference the cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table, causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6115 |
CVE-2020-6116 | An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6116 |
CVE-2020-6105 | An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an information overwrite resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6105 |
CVE-2020-6108 | An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6108 |
CVE-2020-13536 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13536 |
CVE-2020-13537 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as an NT SYSTEM authority user, executes a series of Node.Js scripts to start additional application functionality, and among them the mosquitto executable is also run. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13537 |
CVE-2020-6147 | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6147 |
CVE-2020-6148 | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6148 |
CVE-2020-6149 | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6149 |
CVE-2020-6150 | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6150 |
CVE-2020-6155 | A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6155 |
CVE-2020-6156 | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6156 |
CVE-2020-13493 | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13493 |
CVE-2020-13542 | A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13542 |
CVE-2020-13520 | An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13520 |
CVE-2020-13535 | A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13535 |
CVE-2020-13539 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13539 |
CVE-2020-13540 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13540 |
CVE-2020-13544 | An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13544 |
CVE-2020-13545 | An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13545 |
CVE-2020-13579 | An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to perform arithmetic that may overflow, which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13579 |
CVE-2020-13580 | An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13580 |
CVE-2020-27247 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27247 |
CVE-2020-27248 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27248 |
CVE-2020-27249 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27249 |
CVE-2020-13546 | In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13546 |
CVE-2020-13581 | In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13581 |
CVE-2020-27250 | In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27250 |
CVE-2020-28595 | An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28595 |
CVE-2020-28596 | A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28596 |
CVE-2020-13549 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13549 |
CVE-2020-28587 | A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28587 |
CVE-2021-3410 | A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3410 |
CVE-2020-28599 | A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28599 |
CVE-2020-13554 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13554 |
CVE-2021-21773 | An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21773 |
CVE-2021-21776 | An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21776 |
CVE-2021-29154 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29154 |
CVE-2020-13532 | A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13532 |
CVE-2020-13533 | A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13533 |
CVE-2020-13534 | A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13534 |
CVE-2020-27228 | An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27228 |
CVE-2021-21784 | An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21784 |
CVE-2021-31784 | An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all platforms supported by ODA in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31784 |
CVE-2021-21822 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21822 |
CVE-2020-28600 | An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28600 |
CVE-2021-30498 | A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30498 |
CVE-2021-30499 | A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30499 |
CVE-2021-21808 | A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21808 |
CVE-2021-21824 | An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21824 |
CVE-2021-32946 | An improper check for unusual or exceptional conditions issue exists within the parsing of DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32946 |
CVE-2021-32936 | An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32936 |
CVE-2021-32944 | A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32944 |
CVE-2021-32948 | An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32948 |
CVE-2021-27041 | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27041 |
CVE-2021-27042 | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27042 |
CVE-2021-21871 | A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21871 |
CVE-2021-21786 | A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21786 |
CVE-2021-21821 | A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21821 |
CVE-2020-28598 | An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28598 |
CVE-2021-21794 | An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21794 |
CVE-2021-27033 | A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27033 |
CVE-2021-27035 | A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27035 |
CVE-2021-27036 | A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27036 |
CVE-2021-27037 | A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27037 |
CVE-2021-27038 | A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27038 |
CVE-2021-27039 | A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27039 |
CVE-2021-21864 | An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21864 |
CVE-2021-21865 | An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21865 |
CVE-2021-21866 | An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21866 |
CVE-2021-21863 | An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21863 |
CVE-2021-21812 | A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21812 |
CVE-2021-21813 | Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a statically sized buffer without any length checks resulting in a stack-buffer overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21813 |
CVE-2021-21814 | Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the statically sized buffer data is memcpy'd into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21814 |
CVE-2021-21815 | A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a statically sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21815 |
CVE-2020-28594 | A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28594 |
CVE-2021-21862 | Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The implementation of the parser used for the “Xtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21862 |
CVE-2021-21867 | An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21867 |
CVE-2021-21868 | An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21868 |
CVE-2021-21869 | An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21869 |
CVE-2021-30713 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30713 |
CVE-2021-21798 | An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21798 |
CVE-2021-40157 | A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40157 |
CVE-2021-2464 | Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-2464 |
CVE-2021-21796 | An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21796 |
CVE-2021-21797 | An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21797 |
CVE-2021-31359 | A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31359 |
CVE-2021-42726 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42726 |
CVE-2021-42721 | Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42721 |
CVE-2021-42723 | Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42723 |
CVE-2021-21910 | A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21910 |
CVE-2021-21911 | A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21911 |
CVE-2021-21912 | A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21912 |
CVE-2021-40394 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40394 |
CVE-2021-40160 | PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40160 |
CVE-2021-40161 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40161 |
CVE-2022-23033 | arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23033 |
CVE-2021-40167 | A maliciously crafted DWF file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40167 |
CVE-2021-40388 | A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40388 |
CVE-2021-40389 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40389 |
CVE-2021-40396 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40396 |
CVE-2021-40397 | A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40397 |
CVE-2021-4034 | A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4034 |
CVE-2021-40401 | A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40401 |
CVE-2022-23946 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23946 |
CVE-2022-23947 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23947 |
CVE-2021-46363 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46363 |
CVE-2021-46365 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46365 |
CVE-2021-21958 | A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21958 |
CVE-2022-23803 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23803 |
CVE-2022-23804 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23804 |
CVE-2022-25372 | Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25372 |
CVE-2021-46162 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46162 |
CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0492 |
CVE-2022-1011 | A use-after-free flaw was found in the Linux kernel FUSE filesystem in the way a user triggers write(). A local user could use this flaw to gain unauthorized access to some data from the FUSE filesystem and, as a result, potentially escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1011 |
CVE-2022-22819 | NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22819 |
CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28388 |
CVE-2022-28389 | mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28389 |
CVE-2022-28390 | ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28390 |
CVE-2022-23699 | A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23699 |
CVE-2022-26358 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26358 |
CVE-2022-26359 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26359 |
CVE-2022-26360 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26360 |
CVE-2022-26361 | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26361 |
CVE-2022-26250 | Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26250 |
CVE-2022-1237 | Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1237 |
CVE-2022-1238 | Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1238 |
CVE-2022-23440 | A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23440 |
CVE-2022-1240 | Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should execute into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1240 |
CVE-2021-26104 | Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26104 |
CVE-2021-43138 | A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43138 |
CVE-2022-20762 | A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20762 |
CVE-2022-22516 | The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22516 |
CVE-2021-43515 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43515 |
CVE-2022-28893 | The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28893 |
CVE-2022-0556 | A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0556 |
CVE-2022-27088 | Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27088 |
CVE-2022-27089 | In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27089 |
CVE-2022-1262 | A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1262 |
CVE-2022-1316 | Local privilege escalation in ZeroTierOne for Windows because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1316 |
CVE-2022-22962 | VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22962 |
CVE-2022-22964 | VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22964 |
CVE-2022-25789 | Maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25789 |
CVE-2022-25790 | A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25790 |
CVE-2022-25791 | A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25791 |
CVE-2022-25792 | A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25792 |
CVE-2022-25794 | An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code “ABC” files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25794 |
CVE-2022-25796 | A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25796 |
CVE-2022-26092 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26092 |
CVE-2022-27528 | Maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27528 |
CVE-2022-27578 | An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27578 |
CVE-2022-27826 | Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27826 |
CVE-2022-27827 | Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27827 |
CVE-2022-27828 | Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27828 |
CVE-2022-27829 | Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27829 |
CVE-2022-27830 | Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27830 |
CVE-2022-27833 | Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27833 |
CVE-2022-27835 | Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27835 |
CVE-2022-27836 | Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27836 |
CVE-2022-27837 | A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27837 |
CVE-2022-27838 | Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27838 |
CVE-2022-27842 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27842 |
CVE-2022-27843 | DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27843 |
CVE-2022-28541 | Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28541 |
CVE-2022-28776 | Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28776 |
CVE-2022-28779 | Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28779 |
CVE-2021-42029 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42029 |
CVE-2022-23448 | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23448 |
CVE-2022-28663 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28663 |
CVE-2021-39794 | In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-205836329 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39794 |
CVE-2021-39797 | In several functions of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-209607104 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39797 |
CVE-2021-39798 | In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-213169612 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39798 |
CVE-2021-39799 | In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-200288596 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39799 |
CVE-2021-39801 | In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-209791720. References: Upstream kernel | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39801 |
CVE-2021-39802 | In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213339151. References: Upstream kernel | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39802 |
CVE-2022-24383 | The affected product is vulnerable to an out-of-bounds read, which may result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24383 |
CVE-2022-22008 | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22008 |
CVE-2022-22009 | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22009 |
CVE-2022-24473 | Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24473 |
CVE-2022-24474 | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24474 |
CVE-2022-24479 | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24479 |
CVE-2022-24481 | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24481 |
CVE-2022-24486 | Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24486 |
CVE-2022-24488 | Windows Desktop Bridge Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24488 |
CVE-2022-24489 | Cluster Client Failover (CCF) Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24489 |
CVE-2022-24494 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24494 |
CVE-2022-24496 | Local Security Authority (LSA) Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24496 |
CVE-2022-24499 | Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24499 |
CVE-2022-24513 | Visual Studio Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24513 |
CVE-2022-24521 | Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24521 |
CVE-2022-24527 | Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24527 |
CVE-2022-24530 | Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24499. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24530 |
CVE-2022-24532 | HEVC Video Extensions Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24532 |
CVE-2022-24537 | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24537 |
CVE-2022-24542 | Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24474. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24542 |
CVE-2022-24543 | Windows Upgrade Assistant Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24543 |
CVE-2022-24544 | Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24544 |
CVE-2022-24546 | Windows DWM Core Library Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24546 |
CVE-2022-24547 | Windows Digital Media Receiver Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24547 |
CVE-2022-24549 | Windows AppX Package Manager Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24549 |
CVE-2022-24550 | Windows Telephony Server Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24550 |
CVE-2022-26786 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26786 |
CVE-2022-26787 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26787 |
CVE-2022-26788 | PowerShell Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26788 |
CVE-2022-26789 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26789 |
CVE-2022-26790 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26790 |
CVE-2022-26791 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26791 |
CVE-2022-26792 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26792 |
CVE-2022-26793 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26793 |
CVE-2022-26794 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26794 |
CVE-2022-26795 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26795 |
CVE-2022-26796 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26796 |
CVE-2022-26797 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26797 |
CVE-2022-26798 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26798 |
CVE-2022-26801 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26802, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26801 |
CVE-2022-26802 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26803. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26802 |
CVE-2022-26803 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26803 |
CVE-2022-26810 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26810 |
CVE-2022-26901 | Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26901 |
CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26903 |
CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26914 |
CVE-2022-26916 | Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26916 |
CVE-2022-26917 | Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26917 |
CVE-2022-26918 | Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26918 |
CVE-2022-21491 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21491 |
CVE-2017-14447 | An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2017-14447 |
CVE-2018-4058 | An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-4058 |
CVE-2020-13550 | A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-13550 |
CVE-2019-5024 | A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-5024 |
CVE-2016-9036 | An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-9036 |
CVE-2016-9037 | An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-9037 |
CVE-2017-5991 | An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-5991 |
CVE-2016-9049 | An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-9049 |
CVE-2016-8714 | An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-8714 |
CVE-2017-2786 | A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2786 |
CVE-2016-8716 | An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-8716 |
CVE-2016-8723 | An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by a '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP GET requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-8723 |
CVE-2016-8726 | An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-8726 |
CVE-2017-2830 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2830 |
CVE-2017-2831 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2831 |
CVE-2016-6797 | The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-6797 |
CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-6796 |
CVE-2017-2865 | An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2865 |
CVE-2017-2884 | An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2884 |
CVE-2017-2889 | An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2889 |
CVE-2017-2893 | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2893 |
CVE-2017-2898 | An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2898 |
CVE-2017-2909 | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2909 |
CVE-2017-11305 | A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-11305 |
CVE-2017-12119 | An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12119 |
CVE-2017-14460 | An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14460 |
CVE-2017-12130 | An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12130 |
CVE-2017-2861 | An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2861 |
CVE-2017-12088 | An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12088 |
CVE-2017-12089 | An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12089 |
CVE-2017-12090 | An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12090 |
CVE-2017-12093 | An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12093 |
CVE-2017-2833 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2833 |
CVE-2018-1000168 | nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-1000168 |
CVE-2017-12124 | An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12124 |
CVE-2017-12128 | An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12128 |
CVE-2017-14435 | An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG.ini" without a cookie header to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14435 |
CVE-2017-14436 | An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14436 |
CVE-2017-14437 | An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_LOG.ini" without a cookie header to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14437 |
CVE-2017-14438 | Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14438 |
CVE-2017-14439 | Exploitable denial of service vulnerabilities exist in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-14439 |
CVE-2017-2852 | An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2852 |
CVE-2017-2858 | An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2858 |
CVE-2017-2860 | An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2860 |
CVE-2017-12092 | An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-12092 |
CVE-2018-3852 | An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3852 |
CVE-2018-12020 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-12020 |
CVE-2018-11040 | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-11040 |
CVE-2018-3840 | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3840 |
CVE-2018-3841 | A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3841 |
CVE-2017-16348 | An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-16348 |
CVE-2018-3833 | An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3833 |
CVE-2018-3918 | An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3918 |
CVE-2018-3908 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3908 |
CVE-2018-11054 | RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-11054 |
CVE-2017-2874 | An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2874 |
CVE-2017-2875 | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2875 |
CVE-2017-2878 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2878 |
CVE-2017-2876 | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2876 |
CVE-2018-17365 | SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-17365 |
CVE-2018-3928 | An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3928 |
CVE-2018-3898 | An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3898 |
CVE-2018-3899 | An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3899 |
CVE-2018-3935 | An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3935 |
CVE-2018-15769 | RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-15769 |
CVE-2018-19518 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-19518 |
CVE-2018-3948 | An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3948 |
CVE-2018-3949 | An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-3949 |
CVE-2018-4011 | An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4011 |
CVE-2018-4030 | An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4030 |
CVE-2019-0037 | In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-0037 |
CVE-2019-9628 | The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-9628 |
CVE-2019-0227 | A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2; the latest version is 1.7.9 and is not vulnerable to this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-0227 |
CVE-2018-4024 | An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4024 |
CVE-2018-4025 | An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4025 |
CVE-2018-4026 | An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4026 |
CVE-2018-4027 | An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4027 |
CVE-2018-4028 | An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4028 |
CVE-2019-6819 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-6819 |
CVE-2019-3411 | All versions up to BD_R218V2.4 of the ZTE MF920 product are impacted by an information leak vulnerability. Because some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-3411 |
CVE-2018-20843 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20843 |
CVE-2018-7838 | A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-7838 |
CVE-2019-14205 | A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14205 |
CVE-2019-15046 | Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15046 |
CVE-2019-5037 | An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5037 |
CVE-2019-5040 | An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5040 |
CVE-2019-5036 | An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. Specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5036 |
CVE-2019-16159 | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16159 |
CVE-2019-3643 | McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-3643 |
CVE-2019-5054 | An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5054 |
CVE-2019-5055 | An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5055 |
CVE-2019-8075 | Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-8075 |
CVE-2019-15166 | lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-15166 |
CVE-2019-0205 | In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-0205 |
CVE-2018-4002 | An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4002 |
CVE-2019-5010 | An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5010 |
CVE-2019-5043 | An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5043 |
CVE-2019-10172 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect the codehaus jackson-mapper-asl libraries, but in different classes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10172 |
CVE-2019-19244 | sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19244 |
CVE-2019-5097 | A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5097 |
CVE-2019-5163 | An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5163 |
CVE-2019-19603 | SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19603 |
CVE-2019-5090 | An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5090 |
CVE-2019-5091 | An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5091 |
CVE-2017-18640 | The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-18640 |
CVE-2019-19880 | exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19880 |
CVE-2019-19926 | multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19926 |
CVE-2019-19923 | flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19923 |
CVE-2019-19925 | zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19925 |
CVE-2019-12399 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12399 |
CVE-2020-7044 | In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-7044 |
CVE-2020-7241 | The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-7241 |
CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-20388 |
CVE-2020-7226 | CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-7226 |
CVE-2020-1940 | The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-1940 |
CVE-2020-6060 | A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6060 |
CVE-2020-6062 | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6062 |
CVE-2019-19866 | Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-19866 |
CVE-2019-5137 | The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5137 |
CVE-2019-5148 | An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5148 |
CVE-2020-8659 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8659 |
CVE-2020-5849 | Unraid 6.8.0 allows authentication bypass. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-5849 |
CVE-2020-6582 | Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6582 |
CVE-2020-6071 | An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6071 |
CVE-2020-6073 | An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6073 |
CVE-2020-6077 | An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6077 |
CVE-2020-6078 | An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6078 |
CVE-2020-6079 | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6079 |
CVE-2020-6080 | An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6080 |
CVE-2019-5105 | An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5105 |
CVE-2020-6095 | An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6095 |
CVE-2020-10663 | The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-10663 |
CVE-2020-6098 | An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6098 |
CVE-2020-6097 | An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests triggers an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6097 |
CVE-2019-0233 | An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-0233 |
CVE-2020-6083 | An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6083 |
CVE-2020-6086 | An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6086 |
CVE-2020-6087 | An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6087 |
CVE-2020-6084 | An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with fewer bytes than required by the Key Format Table. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6084 |
CVE-2020-6085 | An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6085 |
CVE-2020-6111 | An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6111 |
CVE-2020-13530 | A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13530 |
CVE-2020-8169 | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8169 |
CVE-2020-8231 | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8231 |
CVE-2020-13573 | A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13573 |
CVE-2020-13559 | A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13559 |
CVE-2020-36221 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36221 |
CVE-2020-36222 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36222 |
CVE-2020-36223 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36223 |
CVE-2020-36224 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36224 |
CVE-2020-36225 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36225 |
CVE-2020-36226 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36226 |
CVE-2020-36227 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36227 |
CVE-2020-36228 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36228 |
CVE-2020-36229 | A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36229 |
CVE-2020-13582 | A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13582 |
CVE-2020-6088 | An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6088 |
CVE-2020-13574 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13574 |
CVE-2020-13575 | A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13575 |
CVE-2020-13577 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13577 |
CVE-2020-13578 | A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13578 |
CVE-2020-13583 | A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13583 |
CVE-2020-27779 | A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27779 |
CVE-2020-28597 | A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28597 |
CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28165 |
CVE-2021-31598 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31598 |
CVE-2021-31871 | An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31871 |
CVE-2021-21817 | An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21817 |
CVE-2021-21818 | A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21818 |
CVE-2021-2351 | Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-2351 |
CVE-2021-38593 | Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38593 |
CVE-2021-21823 | An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21823 |
CVE-2021-35497 | The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35497 |
CVE-2021-35574 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35574 |
CVE-2021-42697 | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42697 |
CVE-2021-21955 | An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21955 |
CVE-2021-45034 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45034 |
CVE-2021-40406 | A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40406 |
CVE-2021-40419 | A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40419 |
CVE-2021-40423 | A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40423 |
CVE-2022-21134 | A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21134 |
CVE-2022-21236 | An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21236 |
CVE-2022-21801 | A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21801 |
CVE-2021-44384 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44384 |
CVE-2021-46669 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46669 |
CVE-2021-21964 | A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21964 |
CVE-2022-21698 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g. GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21698 |
CVE-2021-38266 | The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38266 |
CVE-2022-24921 | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24921 |
CVE-2022-24713 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24713 |
CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22719 |
CVE-2022-27191 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27191 |
CVE-2022-23345 | BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23345 |
CVE-2022-23347 | BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23347 |
CVE-2022-23352 | An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23352 |
CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25032 |
CVE-2022-0741 | Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0741 |
CVE-2021-32978 | The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32978 |
CVE-2021-32982 | In Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00, passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32982 |
CVE-2021-32994 | Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32994 |
CVE-2021-33010 | An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33010 |
CVE-2022-23698 | A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23698 |
CVE-2022-27649 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27649 |
CVE-2022-27650 | A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27650 |
CVE-2022-25584 | Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25584 |
CVE-2021-44108 | A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to cause a Denial of Service via a crafted sbi request to amf. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44108 |
CVE-2021-44109 | A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to cause a Denial of Service via a crafted sbi request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44109 |
CVE-2021-45893 | An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45893 |
CVE-2022-26281 | BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26281 |
CVE-2020-23349 | An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity); any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-23349 |
CVE-2022-24795 | yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24795 |
CVE-2022-23974 | In Apache Pinot 0.9.3 and older versions, the segment upload path allowed segment directories to be imported into Pinot tables. In Pinot installations that allow open access to the controller, a specially crafted request can potentially be exploited to cause disruption in the Pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.0 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23974 |
CVE-2021-30497 | Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30497 |
CVE-2022-24793 | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24793 |
CVE-2021-26113 | A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26113 |
CVE-2022-24822 | Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable. `@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout`, has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24822 |
CVE-2022-20756 | A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20756 |
CVE-2022-26591 | FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26591 |
CVE-2020-27374 | Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27374 |
CVE-2021-46417 | Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46417 |
CVE-2021-46418 | An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46418 |
CVE-2021-43429 | A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failure to release locks pool->lock. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43429 |
CVE-2022-0677 | Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0677 |
CVE-2022-22517 | An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel being closed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22517 |
CVE-2022-26675 | aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26675 |
CVE-2022-1219 | SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1219 |
CVE-2022-28002 | Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28002 |
CVE-2021-43521 | A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43521 |
CVE-2021-43498 | An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43498 |
CVE-2022-27279 | InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27279 |
CVE-2022-27286 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27286 |
CVE-2022-27287 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27287 |
CVE-2022-27288 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27288 |
CVE-2022-27289 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27289 |
CVE-2022-27290 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27290 |
CVE-2022-27291 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27291 |
CVE-2022-27292 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27292 |
CVE-2022-27293 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27293 |
CVE-2022-27294 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27294 |
CVE-2022-27295 | D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27295 |
CVE-2022-1252 | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1252 |
CVE-2022-27041 | Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27041 |
CVE-2022-0828 | The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0828 |
CVE-2022-0920 | The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0920 |
CVE-2022-0989 | An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0989 |
CVE-2021-38929 | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38929 |
CVE-2021-38930 | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38930 |
CVE-2021-40065 | The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40065 |
CVE-2021-46740 | The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46740 |
CVE-2021-4047 | The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4047 |
CVE-2022-22253 | The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22253 |
CVE-2022-22254 | A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22254 |
CVE-2022-22255 | The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22255 |
CVE-2022-22256 | The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22256 |
CVE-2022-22257 | The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22257 |
CVE-2022-24836 | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24836 |
CVE-2022-24839 | org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24839 |
CVE-2022-1302 | In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1302 |
CVE-2022-25751 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC 
(2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25751 |
CVE-2022-25755 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC 
(2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25755 |
CVE-2022-26334 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC 
(2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26334 |
CVE-2022-26335 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC 
(2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26335 |
CVE-2022-26380 | A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC 
(2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26380 |
CVE-2022-27194 | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27194 |
CVE-2022-27241 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27241 |
CVE-2022-27480 | A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require a user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27480 |
CVE-2022-28328 | A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28328 |
CVE-2022-23703 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.100 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23703 |
CVE-2022-27261 | An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27261 |
CVE-2022-27376 | MariaDB Server v10.6.5 and below was discovered to contain a use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27376 |
CVE-2022-27377 | MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27377 |
CVE-2022-27380 | An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27380 |
CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21983 |
CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24485 |
CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24534 |
CVE-2022-26830 | DiskUsage.exe Remote Code Execution Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26830 |
CVE-2022-26831 | Windows LDAP Denial of Service Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26831 |
CVE-2022-26832 | .NET Framework Denial of Service Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26832 |
CVE-2022-26915 | Windows Secure Channel Denial of Service Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26915 |
CVE-2022-26924 | YARP Denial of Service Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26924 |
CVE-2022-21421 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21421 |
CVE-2022-21422 | Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21422 |
CVE-2022-21441 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3/IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21441 |
CVE-2022-21449 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21449 |
CVE-2022-21466 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21466 |
CVE-2022-21476 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21476 |
CVE-2018-3834 | An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-3834 |
CVE-2016-9048 | Multiple exploitable SQL injection vulnerabilities exist in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database and user credentials and, in certain setups, access to the underlying operating system. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2016-9048 |
CVE-2019-5152 | An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-5152 |
CVE-2021-21968 | A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21968 |
CVE-2021-44531 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-44531 |
CVE-2021-42324 | An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-42324 |
CVE-2021-45104 | An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-45104 |
CVE-2018-3962 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3962 |
CVE-2019-1020018 | Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1020018 |
CVE-2022-25154 | A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25154 |
CVE-2022-1248 | A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1248 |
CVE-2022-26671 | Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26671 |
CVE-2022-22339 | IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22339 |
CVE-2022-27883 | A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27883 |
CVE-2022-23449 | A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23449 |
CVE-2022-26921 | Visual Studio Code Elevation of Privilege Vulnerability. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26921 |
CVE-2017-2851 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2851 |
CVE-2017-2832 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2832 |
CVE-2018-3937 | An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3937 |
CVE-2017-2872 | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2872 |
CVE-2017-2873 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2873 |
CVE-2018-3953 | Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3953 |
CVE-2018-3954 | Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3954 |
CVE-2018-3955 | An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3955 |
CVE-2018-3951 | An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-3951 |
CVE-2018-4019 | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-4019 |
CVE-2018-4020 | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-4020 |
CVE-2018-4021 | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-4021 |
CVE-2019-1020011 | SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-1020011 |
CVE-2019-5142 | An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-5142 |
CVE-2019-5165 | An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-5165 |
CVE-2020-10386 | admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-10386 |
CVE-2020-10389 | admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-10389 |
CVE-2020-6114 | An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-6114 |
CVE-2021-21819 | A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21819 |
CVE-2021-21880 | A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21880 |
CVE-2021-21885 | A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21885 |
CVE-2021-21895 | A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21895 |
CVE-2021-21904 | A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21904 |
CVE-2021-21905 | Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21905 |
CVE-2021-21906 | Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-21906 |
CVE-2021-40410 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-40410 |
CVE-2021-40411 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-40411 |
CVE-2021-40412 | An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-40412 |
CVE-2021-32977 | AVEVA System Platform versions 2017 through 2020 R2 P01 do not verify, or incorrectly verify, the cryptographic signature for data. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-32977 |
CVE-2021-32981 | AVEVA System Platform versions 2017 through 2020 R2 P01 use external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-32981 |
CVE-2021-32985 | AVEVA System Platform versions 2017 through 2020 R2 P01 do not properly verify that the source of data or communication is valid. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-32985 |
CVE-2022-26982 | SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code, because the themes can be modified by an administrator. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26982 |
CVE-2022-26251 | The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26251 |
CVE-2022-22410 | IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-22410 |
CVE-2022-20754 | Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-20754 |
CVE-2022-20755 | Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-20755 |
CVE-2022-26607 | A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26607 |
CVE-2022-27061 | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27061 |
CVE-2022-27349 | Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27349 |
CVE-2021-46436 | An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-46436 |
CVE-2021-46367 | RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htaccess configuration that by default denies execution of .php files in the media and files directories. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-46367 |
CVE-2022-1006 | The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1006 |
CVE-2022-1008 | The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1008 |
CVE-2022-1023 | The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by importing a malicious podcast file. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1023 |
CVE-2021-37292 | An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdoor account with the highest admin privileges and obtain system control. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-37292 |
CVE-2022-27573 | Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of the libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27573 |
CVE-2022-27574 | Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of the libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27574 |
CVE-2022-24536 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24536 |
CVE-2022-26811 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26811 |
CVE-2022-26812 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26812 |
CVE-2022-26813 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26813 |
CVE-2022-26815 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26815 |
CVE-2022-26823 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26823 |
CVE-2022-26824 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26824 |
CVE-2022-26825 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26826, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26825 |
CVE-2022-26826 | Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26829. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26826 |
CVE-2022-26898 | Azure Site Recovery Remote Code Execution Vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26898 |
CVE-2022-21410 | Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21410 |
CVE-2017-12613 | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-12613 |
CVE-2017-14461 | A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14461 |
CVE-2017-14450 | A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-14450 |
CVE-2018-3854 | An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3854 |
CVE-2019-5139 | An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-5139 |
CVE-2020-13522 | An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13522 |
CVE-2020-8177 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-8177 |
CVE-2021-32938 | Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32938 |
CVE-2021-32940 | An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32940 |
CVE-2021-32950 | An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32950 |
CVE-2021-31360 | An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-31360 |
CVE-2022-0891 | A heap buffer overflow in the ExtractImageSection function in tiffcrop.c in the libtiff library version 4.3.0 allows an attacker to trigger unsafe or out-of-bounds memory access via a crafted TIFF image file, which could result in an application crash, potential information disclosure or any other context-dependent impact. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0891 |
CVE-2022-0995 | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0995 |
CVE-2021-3461 | A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name]. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3461 |
CVE-2022-22514 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. This causes a null pointer dereference in the CmpSettings component of the affected CODESYS products and leads to a crash. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22514 |
CVE-2022-27823 | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27823 |
CVE-2022-27824 | Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27824 |
CVE-2022-27825 | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27825 |
CVE-2016-9032 | An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9034. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2016-9032 |
CVE-2016-9033 | An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9035. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2016-9033 |
CVE-2016-9034 | An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2016-9034 |
CVE-2016-9035 | An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9033. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2016-9035 |
CVE-2016-8707 | An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagick's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2016-8707 |
CVE-2017-2834 | An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2017-2834 |
CVE-2018-3968 | An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2018-3968 |
CVE-2019-12817 | arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-12817 |
CVE-2019-13226 | deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-13226 |
CVE-2019-11552 | Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-11552 |
CVE-2019-9458 | In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-9458 |
CVE-2019-18683 | An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-18683 |
CVE-2019-12418 | When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-12418 |
CVE-2022-23181 | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23181 |
CVE-2021-3609 | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3609 |
CVE-2021-3640 | A use-after-free flaw was found in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call to sco_conn_del() and the call to sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3640 |
CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26488 |
CVE-2022-26357 | Race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26357 |
CVE-2022-28796 | jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-28796 |
CVE-2022-27834 | Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-27834 |
CVE-2022-24482 | Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-24482 |
CVE-2022-24495 | Windows Direct Show - Remote Code Execution Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-24495 |
CVE-2022-24540 | Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24482. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-24540 |
CVE-2022-26807 | Windows Work Folder Service Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26807 |
CVE-2022-26808 | Windows File Explorer Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26808 |
CVE-2022-26827 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26810. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26827 |
CVE-2022-26828 | Windows Bluetooth Driver Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26828 |
CVE-2022-26904 | Windows User Profile Service Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26904 |
CVE-2017-12114 | An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12114 |
CVE-2018-3890 | An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted file can cause a logic flaw and command injection, resulting in code execution. An attacker can insert an SD card to trigger this vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3890 |
CVE-2018-3920 | An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. A specially crafted 7-Zip file can cause a CRC collision, resulting in a firmware update and code execution. An attacker can insert an SD card to trigger this vulnerability. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3920 |
CVE-2022-27651 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27651 |
CVE-2022-25338 | ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25338 |
CVE-2022-25832 | Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25832 |
CVE-2022-26091 | Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows physical attackers to bypass Knox Manage using a function key of a hardware keyboard. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26091 |
CVE-2022-24832 | GoCD is an open source continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g. alternate fields, usernames, hashed passwords etc.) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and is only exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24832 |
CVE-2017-12127 | A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2017-12127 |
CVE-2018-3913 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-3913 |
CVE-2019-6145 | Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs for finding this vulnerability and for reporting it to us. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-6145 |
CVE-2019-5094 | An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-5094 |