Security Bulletin 20 Apr 2022

Published on 20 Apr 2022

Updated on 20 Apr 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2017-2785An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.10https://nvd.nist.gov/vuln/detail/CVE-2017-2785
CVE-2017-2788A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.10https://nvd.nist.gov/vuln/detail/CVE-2017-2788
CVE-2018-3938An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.10https://nvd.nist.gov/vuln/detail/CVE-2018-3938
CVE-2018-4031An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without prior sanitization, which results in arbitrary Lua script execution in the kernel. An attacker could send an HTTP request to exploit this vulnerability.10https://nvd.nist.gov/vuln/detail/CVE-2018-4031
CVE-2021-21777An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.10https://nvd.nist.gov/vuln/detail/CVE-2021-21777
CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.10https://nvd.nist.gov/vuln/detail/CVE-2021-44228
CVE-2022-24760Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.10https://nvd.nist.gov/vuln/detail/CVE-2022-24760
CVE-2022-21431Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).10https://nvd.nist.gov/vuln/detail/CVE-2022-21431
CVE-2017-14444An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-14444
CVE-2017-14445An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-14445
CVE-2017-14446An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-14446
CVE-2017-16338An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16338
CVE-2017-16339An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16339
CVE-2017-16340An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16340
CVE-2017-16341An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16341
CVE-2017-16342An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16342
CVE-2017-16343An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16343
CVE-2017-16344An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16344
CVE-2017-16345An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16345
CVE-2017-16346An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16346
CVE-2017-16347An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.9.9https://nvd.nist.gov/vuln/detail/CVE-2017-16347
CVE-2018-3863On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3863
CVE-2018-3867An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3867
CVE-2018-3878Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3878
CVE-2018-3902An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3902
CVE-2018-3903On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The memcpy call overflows the destination buffer, which has a size of 512 bytes. An attacker can send an arbitrarily long "url" value in order to overwrite the saved-PC with 0x42424242.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3903
CVE-2018-3905An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the "state" field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3905
CVE-2018-3917On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. The strcpy call overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3917
CVE-2018-3919An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3919
CVE-2018-3925An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely parses the AWSELB cookie while communicating with remote video-host servers, leading to a buffer overflow on the heap. An attacker able to impersonate the remote HTTP servers could trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3925
CVE-2018-3856An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3856
CVE-2018-3866An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strcpy at [8] overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long 'callbackUrl' value in order to exploit this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3866
CVE-2018-3872An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3872
CVE-2018-3880An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3880
CVE-2018-3904An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2018-3904
CVE-2019-5138An exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2019-5138
CVE-2021-21954A command execution vulnerability exists in the wifi_country_code_update functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-21954
CVE-2021-21872An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-21872
CVE-2021-21881An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-21881
CVE-2021-21883An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-21883
CVE-2021-21889A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-21889
CVE-2021-21892A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-21892
CVE-2016-8339A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-8339
CVE-2016-8704An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-8704
CVE-2016-8705Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-8705
CVE-2016-9052An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-9052
CVE-2016-9054An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-9054
CVE-2016-9051An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-9051
CVE-2016-9053An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-9053
CVE-2017-2789When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2789
CVE-2017-2790When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2790
CVE-2017-5929QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-5929
CVE-2017-2800A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2800
CVE-2017-2801A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2801
CVE-2017-2810An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2810
CVE-2017-2805An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2805
CVE-2016-8731Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not have port 50021 blocked by an intermediate device.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-8731
CVE-2017-2780An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2780
CVE-2017-2781An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2781
CVE-2017-9841Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-9841
CVE-2017-12629Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-12629
CVE-2017-12085An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-12085
CVE-2017-2864An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2864
CVE-2017-2891An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2891
CVE-2017-2892An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2892
CVE-2017-2894An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2894
CVE-2017-2921An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2921
CVE-2017-2922An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2922
CVE-2017-5641Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-5641
CVE-2018-4878A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4878
CVE-2018-5473An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-5473
CVE-2018-7750transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-7750
CVE-2016-8717An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attackers full control of affected devices.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-8717
CVE-2017-2853An exploitable Code Execution vulnerability exists in the RequestForPatientInfoEEGfile functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2853
CVE-2017-2867An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2867
CVE-2017-2868An exploitable code execution vulnerability exists in the NewProducerStream functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2868
CVE-2017-2869An exploitable code execution vulnerability exists in the OpenProducer functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2869
CVE-2017-14462An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14462
CVE-2017-14463An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14463
CVE-2017-14464An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14464
CVE-2017-14465An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14465
CVE-2017-14466An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14466
CVE-2017-14467An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14467
CVE-2017-14468An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14468
CVE-2017-14469An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14469
CVE-2017-14470An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14470
CVE-2017-14471An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 0037 Fault Type: Recoverable Description: The STI, EII, and HSC function files contain bits signifying whether or not a fault has occurred. Additionally there is a bit signaling the module to auto start. When these bits are set for any of the three modules and the device is moved into a run state, a fault is triggered.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14471
CVE-2017-14472An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14472
CVE-2017-14473An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14473
CVE-2017-14459An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14459
CVE-2017-12087An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-12087
CVE-2017-2885An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2885
CVE-2018-10753Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-10753
CVE-2018-10771Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-10771
CVE-2017-14474In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14474
CVE-2017-14475In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14475
CVE-2017-14476In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14476
CVE-2017-14477In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14477
CVE-2017-14478In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14478
CVE-2017-14479In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14479
CVE-2017-14480In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14480
CVE-2017-14481In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-14481
CVE-2018-12584The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-12584
CVE-2018-11058RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-11058
CVE-2017-2877A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attacker to reset the user accounts to factory defaults, without authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-2877
CVE-2018-3972An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attacker can send a packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-3972
CVE-2018-4013An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4013
CVE-2018-3892An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-3892
CVE-2018-3934An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-3934
CVE-2018-4056An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4056
CVE-2018-3991An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-3991
CVE-2019-6139Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-6139
CVE-2018-20033A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-20033
CVE-2019-5019A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5019
CVE-2018-17988LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-17988
CVE-2018-4059An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuration, which can lead to additional attacks. An attacker who can get access to the telnet port can gain administrator access to the TURN server.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4059
CVE-2018-3985An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-3985
CVE-2018-4003An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4003
CVE-2019-10655Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-10655
CVE-2019-5021Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5021
CVE-2018-4014An exploitable code execution vulnerability exists in Wi-Fi Command 9999 of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4014
CVE-2018-4016An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4016
CVE-2018-4018An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4018
CVE-2018-4023An exploitable code execution vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4023
CVE-2018-4029An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-4029
CVE-2019-11580Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-11580
CVE-2019-10993In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-10993
CVE-2019-9848LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-9848
CVE-2019-13962lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-13962
CVE-2019-1010228OFFIS.de DCMTK 3.6.3 and below is affected by: Buffer Overflow. The impact is: Possible code execution and confirmed Denial of Service. The component is: DcmRLEDecoder::decompress() (file dcrledec.h, line 122). The attack vector is: Many scenarios of DICOM file processing (e.g. DICOM to image conversion). The fixed version is: 3.6.4, after commit 40917614e.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-1010228
CVE-2019-11703A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-11703
CVE-2019-11704A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-11704
CVE-2019-11709Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-11709
CVE-2019-11710Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-11710
CVE-2019-14271In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-14271
CVE-2019-11202An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-11202
CVE-2019-15780The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-15780
CVE-2019-10891An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-10891
CVE-2019-12405Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-12405
CVE-2019-11495In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-11495
CVE-2019-5066An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5066
CVE-2019-5067An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5067
CVE-2019-5127A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5127
CVE-2019-5128A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImageMP4.php is vulnerable to a command injection attack.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5128
CVE-2019-5129A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getSpiritsFromVideo.php is vulnerable to a command injection attack.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5129
CVE-2019-5150An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5150
CVE-2019-5151An exploitable SQL injection vulnerability exist in YouPHPTube 7.7. A specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5151
CVE-2019-5029An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5029
CVE-2019-5096An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5096
CVE-2019-19317lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-19317
CVE-2019-19646pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-19646
CVE-2019-5085An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5085
CVE-2019-5093An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5093
CVE-2016-1000027Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-1000027
CVE-2020-8955irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-8955
CVE-2020-6061An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6061
CVE-2020-9352An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9352
CVE-2020-5847Unraid through 6.8.0 allows Remote Code Execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-5847
CVE-2020-6072An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6072
CVE-2020-6814Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6814
CVE-2020-6109An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6109
CVE-2020-6141An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6141
CVE-2020-6137SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6137
CVE-2020-6138SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The uname parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6138
CVE-2020-6139SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The username_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6139
CVE-2020-6140SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6140
CVE-2020-6142A remote code execution vulnerability exists in the Modules.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can cause local file inclusion. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6142
CVE-2020-6143A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6143
CVE-2020-6144A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The username variable which is set at line 121 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6144
CVE-2020-6151A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-6151
CVE-2019-0230Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-0230
CVE-2020-13499An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-13499
CVE-2020-13500SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-13500
CVE-2020-13501An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-13501
CVE-2020-7774This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po6ix: const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.updateLocale({polluted: true}); console.log(polluted); // true9.8https://nvd.nist.gov/vuln/detail/CVE-2020-7774
CVE-2020-13556An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-13556
CVE-2021-3199Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server before 5.6.3, when JWT is used, via a /.. sequence in an image upload parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3199
CVE-2020-28653Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28653
CVE-2020-13576A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-13576
CVE-2020-28601A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28601
CVE-2020-28636A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28636
CVE-2020-35628A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-35628
CVE-2020-35636A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-35636
CVE-2021-21783A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21783
CVE-2020-27227An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters containing specific parameter to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and compromise underlying operating system.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27227
CVE-2020-27233An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27233
CVE-2020-27234An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27234
CVE-2020-27235An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the description parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27235
CVE-2020-27236An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the compnomenclature parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27236
CVE-2020-27237An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27237
CVE-2020-27238An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27238
CVE-2020-27239An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27239
CVE-2020-28592A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28592
CVE-2020-27240An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27240
CVE-2020-27241An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The serialnumber parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27241
CVE-2021-3287Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a general bypass in the deserialization class.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3287
CVE-2021-31870An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-31870
CVE-2021-31872An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-31872
CVE-2021-31873An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-31873
CVE-2021-28293Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-28293
CVE-2021-21795A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21795
CVE-2021-21833An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21833
CVE-2021-21804A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21804
CVE-2021-21820A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21820
CVE-2021-21805An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary OS command execution. An attacker can send a crafted HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21805
CVE-2021-21829A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21829
CVE-2021-21830A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21830
CVE-2021-21810A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21810
CVE-2021-21832A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21832
CVE-2021-21825A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21825
CVE-2021-21826A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21826
CVE-2021-21827A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21827
CVE-2021-21828A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21828
CVE-2021-21811A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21811
CVE-2021-21913An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can connect to the MQTT service to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21913
CVE-2021-21940A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21940
CVE-2020-27304The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27304
CVE-2021-40391An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40391
CVE-2021-21950An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function recv_server_device_response_msg_process. A specially-crafted network packet can lead to code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21950
CVE-2021-21951An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h in function read_udp_push_config_file. A specially-crafted network packet can lead to code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21951
CVE-2021-44529A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44529
CVE-2021-44790A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44790
CVE-2021-21903A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21903
CVE-2021-21916An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21916
CVE-2021-21952An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21952
CVE-2021-40393An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40393
CVE-2021-40417When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40417
CVE-2021-40418When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40418
CVE-2022-21907HTTP Protocol Stack Remote Code Execution Vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21907
CVE-2021-40404An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to authentication bypass. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40404
CVE-2021-40407An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->domain variable, that has the value of the domain parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40407
CVE-2021-40408An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->username variable, that has the value of the userName parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40408
CVE-2021-40409An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40409
CVE-2022-21217An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21217
CVE-2022-21724pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21724
CVE-2021-21960A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21960
CVE-2021-21961A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21961
CVE-2022-23614Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23614
CVE-2022-0691Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0691
CVE-2022-25004Hospital Patient Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/doctors/manage_doctor.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25004
CVE-2021-21708In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21708
CVE-2021-4039A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-4039
CVE-2022-24724cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24724
CVE-2022-0730Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0730
CVE-2022-22805A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22805
CVE-2022-22806A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22806
CVE-2022-22720Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22720
CVE-2022-22721If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22721
CVE-2022-23943Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23943
CVE-2022-22965A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22965
CVE-2022-25569Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25569
CVE-2021-32980Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32980
CVE-2021-32984All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project without authorization.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32984
CVE-2021-32986After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without authorization. The PLC is only relocked by a power cycle, or when the programming software disconnects correctly.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32986
CVE-2021-33008AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-33008
CVE-2021-33207The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-33207
CVE-2020-19229Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19229
CVE-2021-28428File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-28428
CVE-2021-41751Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-41751
CVE-2021-41752Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-41752
CVE-2022-26635PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26635
CVE-2022-26628Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26628
CVE-2021-26112Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26112
CVE-2021-26114Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-26114
CVE-2022-1253Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1253
CVE-2022-24786PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24786
CVE-2022-26613PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26613
CVE-2020-22253Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-22253
CVE-2022-23900A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23900
CVE-2022-27016There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27016
CVE-2022-27022There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27022
CVE-2021-43421A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43421
CVE-2022-26612In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn't resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.39.8https://nvd.nist.gov/vuln/detail/CVE-2022-26612
CVE-2022-26676aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26676
CVE-2021-43453A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43453
CVE-2021-43474An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43474
CVE-2022-27351Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27351
CVE-2022-27357Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27357
CVE-2022-28001Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28001
CVE-2022-27047mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27047
CVE-2021-43517FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43517
CVE-2021-43503A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \\Routing\\PendingResourceRegistration.php, (2) __cal in Queue\\Capsule\\Manager.php, and (3) __invoke in mockery\\library\\Mockery\\ClosureWrapper.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43503
CVE-2021-36287Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-36287
CVE-2022-26852Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26852
CVE-2022-26854Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26854
CVE-2022-1287A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1287
CVE-2022-1276Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1276
CVE-2022-1286heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1286
CVE-2022-27126zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27126
CVE-2022-27128An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27128
CVE-2022-27129An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27129
CVE-2022-27131An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27131
CVE-2022-27268InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27268
CVE-2022-27269InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27269
CVE-2022-27270InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27270
CVE-2022-27271InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27271
CVE-2022-27272InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27272
CVE-2022-27273InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27273
CVE-2022-27274InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27274
CVE-2022-27275InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27275
CVE-2022-27276InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27276
CVE-2022-27477Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27477
CVE-2022-1295Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1295
CVE-2022-0949The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0949
CVE-2022-27115In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27115
CVE-2021-37291An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-37291
CVE-2021-38125Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38125
CVE-2022-1161An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change one and not the other.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1161
CVE-2022-22258The Wi-Fi module has an event notification vulnerability.Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and result in elevation-of-privilege.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22258
CVE-2022-22954VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22954
CVE-2022-24829Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api endpoint on the local server that is responsible for serving the Garden dashboard. At the moment, this server is accessible to 0.0.0.0 which makes it accessible to anyone on the same network (or anyone on the internet if they are on a public, static IP). This may lead to the ability to compromise credentials, secrets or environment variables. Users are advised to upgrade to version 0.12.39 as soon as possible. Users unable to upgrade should use a firewall blocking access to port 9777 from all untrusted network machines.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24829
CVE-2022-26093Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26093
CVE-2022-26094Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26094
CVE-2022-26095Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26095
CVE-2022-26096Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26096
CVE-2022-26097Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26097
CVE-2022-26098Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26098
CVE-2022-27567Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27567
CVE-2022-27568Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27568
CVE-2022-27569Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27569
CVE-2022-27570Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27570
CVE-2022-27571Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27571
CVE-2022-27572Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27572
CVE-2022-24838Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the `RCPT TO:<BOOKING USER'S EMAIL> ` SMTP command and begin injecting arbitrary SMTP commands. It is recommended that Calendar is upgraded to 3.2.2. There are no workaround available.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24838
CVE-2022-28346An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28346
CVE-2022-28347A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28347
CVE-2022-29080The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29080
CVE-2022-23450A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23450
CVE-2022-25752A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-25752
CVE-2022-0142The Visual Form Builder WordPress plugin before 3.0.6 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0142
CVE-2022-27161Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27161
CVE-2022-27162CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27162
CVE-2022-27163CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27163
CVE-2022-27164CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27164
CVE-2022-27165CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27165
CVE-2022-27472SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27472
CVE-2022-27473SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27473
CVE-2022-28032AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28032
CVE-2022-28033Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28033
CVE-2022-28034AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28034
CVE-2022-28035Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_blur-save.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28035
CVE-2022-28036AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_navigation.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28036
CVE-2022-27139An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27139
CVE-2022-27140An arbitrary file upload vulnerability in the file upload module of Express-Fileupload v1.3.1 allows attackers to execute arbitrary code via a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27140
CVE-2022-27260An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27260
CVE-2022-27262An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27262
CVE-2022-27263An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-27263
CVE-2022-24491Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24497.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24491
CVE-2022-24497Windows Network File System Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24491.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24497
CVE-2022-26809Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-26809
CVE-2022-21420Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21420
CVE-2022-21445Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21445
CVE-2017-2792An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability.9.6https://nvd.nist.gov/vuln/detail/CVE-2017-2792
CVE-2022-0097Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-0097
CVE-2022-0466Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-0466
CVE-2021-32157A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.9.6https://nvd.nist.gov/vuln/detail/CVE-2021-32157
CVE-2018-3881An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise.9.4https://nvd.nist.gov/vuln/detail/CVE-2018-3881
CVE-2016-8721An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input can cause an OS Command Injection resulting in complete compromise of the vulnerable device. An attacker can exploit this vulnerability remotely.9.1https://nvd.nist.gov/vuln/detail/CVE-2016-8721
CVE-2017-2782An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection9.1https://nvd.nist.gov/vuln/detail/CVE-2017-2782
CVE-2016-5018In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.9.1https://nvd.nist.gov/vuln/detail/CVE-2016-5018
CVE-2017-14457An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2017-14457
CVE-2019-5016An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2019-5016
CVE-2019-6143Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. The vulnerability affects the following NGFW features when the LDAP authentication method is used as the backend authentication: IPsec VPN, SSL VPN or Browser-based user authentication. The vulnerability does not apply when any other backend authentication is used. The RADIUS authentication method is not vulnerable, for example.9.1https://nvd.nist.gov/vuln/detail/CVE-2019-6143
CVE-2019-10082In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.9.1https://nvd.nist.gov/vuln/detail/CVE-2019-10082
CVE-2020-6058An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-6058
CVE-2020-6091An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-6091
CVE-2021-21809A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21809
CVE-2021-22945When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-22945
CVE-2021-21873A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21873
CVE-2021-21874A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21874
CVE-2021-21875A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21875
CVE-2021-21876Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21876
CVE-2021-21877Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21877
CVE-2021-21884An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21884
CVE-2021-21887A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21887
CVE-2021-21888An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21888
CVE-2021-21890A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletedir). An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21890
CVE-2021-21891A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletefile). An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21891
CVE-2021-21894A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21894
CVE-2022-0686Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-0686
CVE-2022-0482Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-0482
CVE-2022-0715A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)9.1https://nvd.nist.gov/vuln/detail/CVE-2022-0715
CVE-2022-27815SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-27815
CVE-2022-27816SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-27816
CVE-2022-26530swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-26530
CVE-2022-23441A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23441
CVE-2022-27818SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-27818
CVE-2021-46419An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-46419
CVE-2022-28805singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-28805
CVE-2021-36288Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files9.1https://nvd.nist.gov/vuln/detail/CVE-2021-36288
CVE-2022-26851Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-26851
CVE-2022-27133zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-27133
CVE-2022-27277InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-27277
CVE-2022-1296Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-1296
CVE-2022-1297Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-1297
CVE-2021-46742The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-46742
CVE-2022-26099Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-26099
CVE-2022-27577The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-27577
CVE-2017-2787A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.9https://nvd.nist.gov/vuln/detail/CVE-2017-2787
CVE-2018-3832An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'.9https://nvd.nist.gov/vuln/detail/CVE-2018-3832
CVE-2018-3963An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry.9https://nvd.nist.gov/vuln/detail/CVE-2018-3963
CVE-2019-5035An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker can send specially crafted packets to trigger this vulnerability.9https://nvd.nist.gov/vuln/detail/CVE-2019-5035

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2016-8733An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-8733
CVE-2017-7297Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-7297
CVE-2016-8718An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web server which will be treated as an authentic request.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-8718
CVE-2017-2827An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2827
CVE-2017-2828An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2828
CVE-2017-2841An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2841
CVE-2017-2842In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2842
CVE-2017-2843In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2843
CVE-2017-2844In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2844
CVE-2017-2845An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2845
CVE-2017-2846In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2846
CVE-2017-2847In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2847
CVE-2017-2848In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2848
CVE-2017-2849In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2849
CVE-2017-2850In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2850
CVE-2017-2814An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2814
CVE-2017-2818An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2818
CVE-2017-2820An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2820
CVE-2017-2821An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2821
CVE-2017-2822An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2822
CVE-2017-2816An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2816
CVE-2017-2887An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2887
CVE-2017-2888An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2888
CVE-2017-11292Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-11292
CVE-2017-2866An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2866
CVE-2017-2881An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2881
CVE-2017-2890An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2890
CVE-2017-2916An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2916
CVE-2017-2917An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2917
CVE-2018-3835An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3835
CVE-2018-3839An exploitable code execution vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3839
CVE-2018-3846In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3846
CVE-2018-3848In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3848
CVE-2018-3849In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3849
CVE-2017-2871Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2871
CVE-2018-3842An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3842
CVE-2018-3843An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3843
CVE-2017-14458An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14458
CVE-2018-3850An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3850
CVE-2016-8382An exploitable heap corruption vulnerability exists in the Doc_SetSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send a malicious doc file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-8382
CVE-2016-8383An exploitable heap corruption vulnerability exists in the Doc_GetFontTable functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious doc file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-8383
CVE-2016-8384An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-8384
CVE-2017-12108An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12108
CVE-2017-12109An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12109
CVE-2017-12122An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12122
CVE-2017-14440An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14440
CVE-2017-14441An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14441
CVE-2017-14442An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14442
CVE-2017-14448An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14448
CVE-2017-14449A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14449
CVE-2017-2923An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2923
CVE-2017-2924An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-2924
CVE-2017-12120An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the "/goform/net_WebPingGetValue" URI to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12120
CVE-2017-12121An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\\_name= parm in the "/goform/WebRSAKEYGen" uri to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12121
CVE-2017-12123An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12123
CVE-2017-12125An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the "/goform/net_WebCSRGen" uri to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12125
CVE-2017-12126An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-12126
CVE-2017-14432An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the "/goform/net\\_Web\\_get_value" uri to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14432
CVE-2017-14433An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the "/goform/net\\_Web\\_get_value" uri to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14433
CVE-2017-14434An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the "/goform/net\\_Web\\_get_value" uri to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14434
CVE-2018-0387A vulnerability in Cisco Webex Teams (for Windows and macOS) could allow an unauthenticated, remote attacker to execute arbitrary code on the user's device, possibly with elevated privileges. The vulnerability occurs because Cisco Webex Teams does not properly sanitize input. An attacker could exploit the vulnerability by sending a user a malicious link and persuading the user to follow the link. A successful exploit could allow the attacker to execute arbitrary code on the user's system. Cisco Bug IDs: CSCvh66250.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-0387
CVE-2018-3847Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3847
CVE-2017-14453On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14453
CVE-2017-14455On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long "ak" parameter in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14455
CVE-2017-16337On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d01ef24 the value for the s_offset key is copied using strcpy to the buffer at $sp+0x2b0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-16337
CVE-2018-3879An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3879
CVE-2017-14452An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "c_r" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-14452
CVE-2018-3893An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3893
CVE-2018-3895An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3895
CVE-2018-3952An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3952
CVE-2018-4010An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-4010
CVE-2016-9044An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . A specially crafted web parameter can cause a command injection. An authenticated attacker can send a crafted web request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-9044
CVE-2018-3896An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3896
CVE-2018-3897An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "callbackUrl" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3897
CVE-2018-3875An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3875
CVE-2018-3882An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The searchfield parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3882
CVE-2018-3883An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sort_order parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3883
CVE-2018-3884An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sort_by and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3884
CVE-2018-3885An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The order_by parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3885
CVE-2016-9045A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-9045
CVE-2018-3864An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "password" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3864
CVE-2018-3865An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3865
CVE-2018-3873An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3873
CVE-2018-3874An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3874
CVE-2018-3876An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3876
CVE-2018-3877An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3877
CVE-2018-3894An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "startTime" value in order to exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3894
CVE-2018-3900An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. An attacker can make the camera scan a QR code to trigger this vulnerability. Alternatively, a user could be convinced to display a QR code from the internet to their camera, which could exploit this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3900
CVE-2018-3977An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3977
CVE-2018-19277securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file8.8https://nvd.nist.gov/vuln/detail/CVE-2018-19277
CVE-2018-3950An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-3950
CVE-2018-20545There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-20545
CVE-2018-20548There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-20548
CVE-2018-20549There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-20549
CVE-2018-20321An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-20321
CVE-2018-4017An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-4017
CVE-2019-9858Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter went probably unnoticed because it's never submitted by the forms, which default to securely using a random path.)8.8https://nvd.nist.gov/vuln/detail/CVE-2019-9858
CVE-2019-12274In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-12274
CVE-2019-12303In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-12303
CVE-2019-7845Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-7845
CVE-2019-11409app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-11409
CVE-2019-5051An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5051
CVE-2019-5052An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5052
CVE-2018-14550An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-14550
CVE-2019-12325The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-12325
CVE-2019-5057An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5057
CVE-2019-5058An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5058
CVE-2019-5059An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5059
CVE-2019-5060An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5060
CVE-2019-5038An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5038
CVE-2019-5039An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5039
CVE-2019-5032An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5032
CVE-2019-5033An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5033
CVE-2019-5041An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5041
CVE-2019-5069A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5069
CVE-2019-5042An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5042
CVE-2019-5031An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5031
CVE-2019-14287In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \\#$((0xffffffff))" command.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-14287
CVE-2019-5114An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and,in certain configuration, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5114
CVE-2019-5116An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5116
CVE-2019-5117Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5117
CVE-2019-5119An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5119
CVE-2019-5120An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5120
CVE-2019-5121SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5121
CVE-2019-5122SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5122
CVE-2019-5123Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5123
CVE-2019-5030A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5030
CVE-2019-5086An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5086
CVE-2019-5087An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5087
CVE-2019-5076An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the viction to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5076
CVE-2019-5083An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5083
CVE-2019-5109Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5109
CVE-2019-5110Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5110
CVE-2019-5111Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5111
CVE-2019-5112Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5112
CVE-2019-5132An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5132
CVE-2019-5133An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5133
CVE-2019-5092An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20.0.2019.3.15. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a DICOM image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5092
CVE-2019-5154An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5154
CVE-2019-5144An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5144
CVE-2019-5063An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5063
CVE-2019-5064An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5064
CVE-2019-5126An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5126
CVE-2019-5130An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5130
CVE-2019-5131An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5131
CVE-2019-5145An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5145
CVE-2020-6063An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6063
CVE-2020-6064An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6064
CVE-2020-6065An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6065
CVE-2020-6066An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG SOFx parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6066
CVE-2020-6067An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFF tifread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted TIFF file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6067
CVE-2020-6069An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll JPEG jpegread precision parser of the Accusoft ImageGear 19.5.0 library. A specially crafted JPEG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6069
CVE-2019-5187An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5187
CVE-2020-6068An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG pngread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6068
CVE-2019-5136An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5136
CVE-2019-5140An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5140
CVE-2019-5141An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5141
CVE-2019-5143An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5143
CVE-2019-5153An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5153
CVE-2019-5162An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5162
CVE-2020-4272IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-4272
CVE-2020-7351An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user. Note that Trixbox Community Edition has been unsupported by the vendor since 2012. This issue affects: Fonality Trixbox Community Edition, versions 1.2.0 through 2.8.0.4. Versions 1.0 and 1.1 are unaffected.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-7351
CVE-2020-6075An exploitable out-of-bounds write vulnerability exists in the store_data_buffer function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6075
CVE-2020-6076An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll ICO icoread parser of the Accusoft ImageGear 19.5.0 library. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6076
CVE-2020-6082An exploitable out-of-bounds write vulnerability exists in the ico_read function of the igcore19d.dll library of Accusoft ImageGear 19.6.0. A specially crafted ICO file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6082
CVE-2020-6094An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6094
CVE-2020-6081An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6081
CVE-2020-6110An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6110
CVE-2020-6145An SQL injection vulnerability exists in the frappe.desk.reportview.get functionality of ERPNext 11.1.38. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6145
CVE-2020-6117SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6117
CVE-2020-6118SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6118
CVE-2020-6119SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6119
CVE-2020-6120SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6120
CVE-2020-6121SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6121
CVE-2020-6122SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6122
CVE-2020-6123An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheck.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6123
CVE-2020-6129SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6129
CVE-2020-6130SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6130
CVE-2020-6131SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6131
CVE-2020-6124An exploitable sql injection vulnerability exists in the email parameter functionality of OS4Ed openSIS 7.3. The email parameter in the page EmailCheckOthers.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6124
CVE-2020-6125An exploitable SQL injection vulnerability exists in the GetSchool.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6125
CVE-2020-6126SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The course_period_id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6126
CVE-2020-6127SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. The id parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6127
CVE-2020-6128SQL injection vulnerability exists in the CoursePeriodModal.php page of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. The meet_date parameter in the page CoursePeriodModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6128
CVE-2020-6132SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6132
CVE-2020-6133SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page CourseMoreInfo.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6133
CVE-2020-6134SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page MassDropModal.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6134
CVE-2020-6135An exploitable SQL injection vulnerability exists in the Validator.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6135
CVE-2020-6136An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6136
CVE-2020-6146An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-6146
CVE-2020-13531A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13531
CVE-2020-13543A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13543
CVE-2020-13584An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13584
CVE-2020-13525The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13525
CVE-2020-13526SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13526
CVE-2020-13512A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13512
CVE-2020-13513A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13513
CVE-2020-13514A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13514
CVE-2020-13515A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13515
CVE-2020-13519A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13519
CVE-2020-13557A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13557
CVE-2020-13560A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13560
CVE-2020-13570A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13570
CVE-2020-13547A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13547
CVE-2020-13541An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other files within the installation folder that could lead to local privilege escalation.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13541
CVE-2021-1257A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1257
CVE-2020-13569A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13569
CVE-2020-13586A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13586
CVE-2020-13548In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13548
CVE-2020-13561An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13561
CVE-2020-13571An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13571
CVE-2020-13572A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13572
CVE-2020-13585An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13585
CVE-2020-13551An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13551
CVE-2020-13552An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13552
CVE-2020-13553An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13553
CVE-2020-13555An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13555
CVE-2020-13558A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13558
CVE-2021-21480SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating systems commands completely compromising the server hosting the application.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21480
CVE-2021-21782An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21782
CVE-2020-13587An exploitable SQL injection vulnerability exists in the "forms_fields_rules/rules" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13587
CVE-2020-13591An exploitable SQL injection vulnerability exists in the "access_rules/rules_form" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13591
CVE-2020-13592An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13592
CVE-2020-13566SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13566
CVE-2020-13568SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13568
CVE-2020-27226An exploitable SQL injection vulnerability exists in ‘quickFile.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27226
CVE-2020-27229A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findPersonID parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27229
CVE-2020-27230A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findSector parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27230
CVE-2020-27231A number of exploitable SQL injection vulnerabilities exists in ‘patientslist.do’ page of OpenClinic GA 5.173.3 application. The findDistrict parameter in ‘‘patientslist.do’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27231
CVE-2020-27232An exploitable SQL injection vulnerability exists in ‘manageServiceStocks.jsp’ page of OpenClinic GA 5.173.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27232
CVE-2020-27242An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoLocation parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27242
CVE-2020-27243An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoService parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27243
CVE-2020-27244An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoCode parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27244
CVE-2020-27245An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoBuyer parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27245
CVE-2020-27246An exploitable SQL injection vulnerability exists in ‘listImmoLabels.jsp’ page of OpenClinic GA 5.173.3 application. The immoComment parameter in the ‘listImmoLabels.jsp’ page is vulnerable to authenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27246
CVE-2021-21787A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21787
CVE-2021-21788A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0dc, the first dword passed in the input buffer is the device port to write to and the word at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. A local attacker can send a malicious IRP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21788
CVE-2021-21789A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0e0, the first dword passed in the input buffer is the device port to write to and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21789
CVE-2021-21775A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21775
CVE-2021-21807An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21807
CVE-2021-21779A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21779
CVE-2021-21793An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality of Accusoft ImageGear 19.8 and 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21793
CVE-2021-21806An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21806
CVE-2021-21831A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21831
CVE-2021-21870A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.4.37651. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21870
CVE-2021-21893A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.0.0.49893. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21893
CVE-2020-28589An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-28589
CVE-2021-21859An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21859
CVE-2021-21860An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21860
CVE-2021-21861An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21861
CVE-2020-13588An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13588
CVE-2020-13589An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit or copy_selected or export function) is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13589
CVE-2021-21837Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21837
CVE-2021-21838Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21838
CVE-2021-21839Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21839
CVE-2021-21843Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21843
CVE-2021-21844Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21844
CVE-2021-21845Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21845
CVE-2021-21846Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21846
CVE-2021-21847Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21847
CVE-2021-21851Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21851
CVE-2021-21852Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21852
CVE-2021-21853Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21853
CVE-2021-21854Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21854
CVE-2021-21855Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21855
CVE-2021-21856Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21856
CVE-2021-21857Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21857
CVE-2021-21858Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21858
CVE-2021-21834An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21834
CVE-2021-21835An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom associated with the “csgp” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21835
CVE-2021-21836An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21836
CVE-2021-21840An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21840
CVE-2021-21841An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21841
CVE-2021-21842An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21842
CVE-2021-21848An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21848
CVE-2021-21849An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21849
CVE-2021-21850An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21850
CVE-2020-35633A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35633
CVE-2020-35634A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35634
CVE-2020-35635A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-35635
CVE-2021-21897A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21897
CVE-2017-5123Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-5123
CVE-2021-21899A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21899
CVE-2021-21900A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21900
CVE-2021-21898A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21898
CVE-2021-21957A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21957
CVE-2021-21879A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21879
CVE-2021-21882An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21882
CVE-2021-21901A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21901
CVE-2021-21915An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21915
CVE-2021-21917An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21917
CVE-2021-21918A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21918
CVE-2021-21919A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21919
CVE-2021-21920A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21920
CVE-2021-21921A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21921
CVE-2021-21922A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21922
CVE-2021-21923A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21923
CVE-2021-21924A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21924
CVE-2021-21925A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21925
CVE-2021-21927A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21927
CVE-2021-21928A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21928
CVE-2021-21929A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21929
CVE-2021-21930A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21930
CVE-2021-21931A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21931
CVE-2021-21932A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21932
CVE-2021-21933A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21933
CVE-2021-21934A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21934
CVE-2021-21935A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21935
CVE-2021-21936A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21936
CVE-2021-21937A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21937
CVE-2022-23307CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23307
CVE-2021-40413An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40413
CVE-2021-40414An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40414
CVE-2021-40416An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40416
CVE-2021-40420A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40420
CVE-2022-22150A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22150
CVE-2022-0098Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0098
CVE-2022-0099Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0099
CVE-2022-0100Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0100
CVE-2022-0101Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0101
CVE-2022-0102Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0102
CVE-2022-0103Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0103
CVE-2022-0104Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0104
CVE-2022-0105Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0105
CVE-2022-0106Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0106
CVE-2022-0107Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0107
CVE-2022-0115Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0115
CVE-2022-23176WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. This vulnerability impacts Fireware OS before 12.7.2_U1, 12.x before 12.1.3_U3, and 12.2.x through 12.5.x before 12.5.7_U3.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23176
CVE-2022-25600Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25600
CVE-2022-27223In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27223
CVE-2022-23346BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23346
CVE-2022-23349BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23349
CVE-2022-27435An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27435
CVE-2022-23732A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23732
CVE-2021-45891An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that allows attackers to escalate privileges within the application, since all permission checks are done client-side, not server-side.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-45891
CVE-2021-39114Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-39114
CVE-2021-38834easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38834
CVE-2022-26630Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \\app.\\admin\\Controllers\\db.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26630
CVE-2022-24780Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execute arbitrary code on the server using http server user privileges. This issue is fixed in versions 2.7.6 and 3.0.0. There are currently no known workarounds.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24780
CVE-2022-26110An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26110
CVE-2021-24009Multiple improper neutralization of special elements used in an OS command vulnerabilities (CWE-78) in the Web GUI of FortiWAN before 4.5.9 may allow an authenticated attacker to execute arbitrary commands on the underlying system's shell via specifically crafted HTTP requests.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24009
CVE-2021-44169A improper initialization in Fortinet FortiClient (Windows) version 6.0.10 and below, version 6.2.9 and below, version 6.4.7 and below, version 7.0.3 and below allows attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-44169
CVE-2021-26116An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-26116
CVE-2022-20763A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by sending malicious login requests to the Cisco Webex Meetings service. A successful exploit could allow the attacker to inject arbitrary Java code and take arbitrary actions within the Cisco Webex Meetings application.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-20763
CVE-2022-26605eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26605
CVE-2020-27373Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27373
CVE-2020-27376Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-27376
CVE-2022-26627Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26627
CVE-2021-43430An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43430
CVE-2022-0935Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0935
CVE-2022-23972ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23972
CVE-2022-23973ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23973
CVE-2022-25596ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25596
CVE-2022-25597ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary commands and disrupt or terminate service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25597
CVE-2022-26670D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to control the system or disrupt service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26670
CVE-2021-36202Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson Controls Metasys All 10 versions versions prior to 10.1.5; All 11 versions versions prior to 11.0.2.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-36202
CVE-2022-27064Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27064
CVE-2022-27346Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27346
CVE-2022-27352Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27352
CVE-2022-27992Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27992
CVE-2022-28000Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28000
CVE-2021-41715libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-41715
CVE-2022-27044libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27044
CVE-2022-27046libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-27046
CVE-2020-4668IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186283.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-4668
CVE-2021-40656libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40656
CVE-2022-24428Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially exploit this vulnerability, leading to an escalation of file privileges and information disclosure.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24428
CVE-2022-26180qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26180
CVE-2021-32156A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32156
CVE-2021-32159A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32159
CVE-2021-32162A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-32162
CVE-2021-40219Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40219
CVE-2022-0999An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0999
CVE-2022-22572A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-22572
CVE-2022-25753A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25753
CVE-2022-25754A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-25754
CVE-2022-28661A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15114)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28661
CVE-2022-23257Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23257
CVE-2022-23259Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23259
CVE-2022-24487Windows Local Security Authority (LSA) Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24487
CVE-2022-24492Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24528, CVE-2022-26809.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24492
CVE-2022-24500Windows SMB Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24500
CVE-2022-24528Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-26809.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24528
CVE-2022-24541Windows Server Service Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24541
CVE-2022-21442Vulnerability in Oracle GoldenGate (component: OGG Core Library). The supported version that is affected is Prior to 23.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GoldenGate executes to compromise Oracle GoldenGate. While the vulnerability is in Oracle GoldenGate, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle GoldenGate. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).8.8https://nvd.nist.gov/vuln/detail/CVE-2022-21442
CVE-2018-3911An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability.8.6https://nvd.nist.gov/vuln/detail/CVE-2018-3911
CVE-2018-3907An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'on_url' callback. An attacker can send an HTTP request to trigger this vulnerability.8.6https://nvd.nist.gov/vuln/detail/CVE-2018-3907
CVE-2018-3909An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, 'onmessagecomplete' callback. An attacker can send an HTTP request to trigger this vulnerability.8.6https://nvd.nist.gov/vuln/detail/CVE-2018-3909
CVE-2017-2795An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.8.6https://nvd.nist.gov/vuln/detail/CVE-2017-2795
CVE-2021-25220BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-25220
CVE-2022-21430Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. While the vulnerability is in Oracle Communications Billing and Revenue Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).8.5https://nvd.nist.gov/vuln/detail/CVE-2022-21430
CVE-2019-9503The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.8.3https://nvd.nist.gov/vuln/detail/CVE-2019-9503
CVE-2022-24475Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.8.3https://nvd.nist.gov/vuln/detail/CVE-2022-24475
CVE-2022-21424Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). The supported version that is affected is 12.0.0.4. Easily exploitable vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Communications Billing and Revenue Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Communications Billing and Revenue Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).8.3https://nvd.nist.gov/vuln/detail/CVE-2022-21424
CVE-2016-9050An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability.8.2https://nvd.nist.gov/vuln/detail/CVE-2016-9050
CVE-2017-2895An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.8.2https://nvd.nist.gov/vuln/detail/CVE-2017-2895
CVE-2018-3906An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the shard.videoHostURL field from its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.8.2https://nvd.nist.gov/vuln/detail/CVE-2018-3906
CVE-2018-3915An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability.8.2https://nvd.nist.gov/vuln/detail/CVE-2018-3915
CVE-2020-6059An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-6059
CVE-2021-20233A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.8.2https://nvd.nist.gov/vuln/detail/CVE-2021-20233
CVE-2021-44224A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).8.2https://nvd.nist.gov/vuln/detail/CVE-2021-44224
CVE-2022-21796A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-21796
CVE-2021-21965A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.8.2https://nvd.nist.gov/vuln/detail/CVE-2021-21965
CVE-2022-21824Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-21824
CVE-2022-1235Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96.8.2https://nvd.nist.gov/vuln/detail/CVE-2022-1235
CVE-2022-21446Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N).8.2https://nvd.nist.gov/vuln/detail/CVE-2022-21446
CVE-2022-21464Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). The supported version that is affected is Prior to 9.2.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of JD Edwards EnterpriseOne Tools and unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H).8.2https://nvd.nist.gov/vuln/detail/CVE-2022-21464
CVE-2016-8331An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF's tag extension functionality.8.1https://nvd.nist.gov/vuln/detail/CVE-2016-8331
CVE-2016-8706An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.8.1https://nvd.nist.gov/vuln/detail/CVE-2016-8706
CVE-2016-8712An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds.8.1https://nvd.nist.gov/vuln/detail/CVE-2016-8712
CVE-2017-2784An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2784
CVE-2017-2882An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2882
CVE-2017-2883An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2883
CVE-2017-2914An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2914
CVE-2017-4995An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-4995
CVE-2017-12112An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-12112
CVE-2017-12115An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-12115
CVE-2017-12117An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-12117
CVE-2017-12113An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-12113
CVE-2017-12116An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-12116
CVE-2017-12118An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-12118
CVE-2017-2835An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2835
CVE-2017-2815An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2815
CVE-2018-10887A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-10887
CVE-2017-16349An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-16349
CVE-2017-2854An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2854
CVE-2017-2856An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2856
CVE-2017-2857An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2857
CVE-2017-2855An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server.8.1https://nvd.nist.gov/vuln/detail/CVE-2017-2855
CVE-2018-3947An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-3947
CVE-2018-4015An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-4015
CVE-2018-20546There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-20546
CVE-2018-20547There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for 24bpp data.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-20547
CVE-2018-4012An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-4012
CVE-2018-3956An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-3956
CVE-2019-6287In Rancher 2.0.0 through 2.1.5, project members have continued access to create, update, read, and delete namespaces in a project after they have been removed from it.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-6287
CVE-2019-5018An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-5018
CVE-2019-12728Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-12728
CVE-2019-10101JetBrains Kotlin versions before 1.3.30 were resolving artifacts using an http connection during the build process, potentially allowing an MITM attack.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-10101
CVE-2019-15637Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.8.1https://nvd.nist.gov/vuln/detail/CVE-2019-15637
CVE-2020-7982An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).8.1https://nvd.nist.gov/vuln/detail/CVE-2020-7982
CVE-2020-6096An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-6096
CVE-2020-8625BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch8.1https://nvd.nist.gov/vuln/detail/CVE-2020-8625
CVE-2021-21772A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21772
CVE-2020-28593A unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-28593
CVE-2021-21941A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21941
CVE-2021-21902An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21902
CVE-2021-21909Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21909
CVE-2021-21953An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21953
CVE-2021-21959A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21959
CVE-2021-21962A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21962
CVE-2021-21969An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21969
CVE-2021-21970An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-21970
CVE-2022-0114Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-0114
CVE-2022-24801Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24801
CVE-2022-1213SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-11918.1https://nvd.nist.gov/vuln/detail/CVE-2022-1213
CVE-2021-41245Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, CSRF tokens generated by `privUITransactionFile` aren't properly checked. Versions 2.7.6 and 3.0.0 contain a patch for this issue. As a workaround, use the session implementation by adding in the iTop config file.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-41245
CVE-2021-45103An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-45103
CVE-2022-20774A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-20774
CVE-2021-46416Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-46416
CVE-2022-22515A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-22515
CVE-2022-23970ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-23970
CVE-2022-23971ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another PLC/PORT file with the same file name, which results in service disruption.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-23971
CVE-2022-24821XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24821
CVE-2021-43442A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-43442
CVE-2022-24815JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected. Users who have generated a microservice Gateway using the affected version may be impacted as Gateways are reactive by default. Currently, SQL injection is possible in the findAllBy(Pageable pageable, Criteria criteria) method of an entity repository class generated in these applications as the where clause using Criteria for queries are not sanitized and user input is passed on as it is by the criteria. This issue has been patched in v7.8.1. Users unable to upgrade should be careful when combining criterias and conditions as the root of the issue lies in the `EntityManager.java` class when creating the where clause via `Conditions.just(criteria.toString())`. `just` accepts the literal string provided. Criteria's `toString` method returns a plain string and this combination is vulnerable to sql injection as the string is not sanitized and will contain whatever used passed as input using any plain SQL.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24815
CVE-2022-24827Elide is a Java library that lets you stand up a GraphQL/JSON-API web service with minimal effort. When leveraging the following together: Elide Aggregation Data Store for Analytic Queries, Parameterized Columns (A column that requires a client provided parameter), and a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would bypass server side authorization filters through SQL injection. A recent patch to Elide 6.1.2 allowed the '-' character to be included in parameterized TEXT columns. This character can be interpreted as SQL comments ('--') and allow the attacker to remove the WHERE clause from the generated query and bypass authorization filters. A fix is provided in Elide 6.1.4. The vulnerability only exists for parameterized columns of type TEXT and only for analytic queries (CRUD is not impacted). Workarounds include leveraging a different type of parameterized column (TIME, MONEY, etc) or not leveraging parameterized columns.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24827
CVE-2022-0141The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks8.1https://nvd.nist.gov/vuln/detail/CVE-2022-0141
CVE-2022-24490Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24539, CVE-2022-26783, CVE-2022-26785.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24490
CVE-2022-24539Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-24490, CVE-2022-26783, CVE-2022-26785.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24539
CVE-2022-24545Windows Kerberos Remote Code Execution Vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-24545
CVE-2022-26919Windows LDAP Remote Code Execution Vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-26919
CVE-2022-21404Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Helidon. Successful attacks of this vulnerability can result in takeover of Helidon. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).8.1https://nvd.nist.gov/vuln/detail/CVE-2022-21404
CVE-2022-21497Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: Web Services Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Services Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Web Services Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Web Services Manager accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).8.1https://nvd.nist.gov/vuln/detail/CVE-2022-21497
CVE-2017-2915An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.8https://nvd.nist.gov/vuln/detail/CVE-2017-2915
CVE-2017-12129An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them.8https://nvd.nist.gov/vuln/detail/CVE-2017-12129
CVE-2018-3910An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerability. Alternatively, an attacker can convince a user to connect their camera to this SSID.8https://nvd.nist.gov/vuln/detail/CVE-2018-3910
CVE-2020-2196Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin.8https://nvd.nist.gov/vuln/detail/CVE-2020-2196
CVE-2021-22127An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.8https://nvd.nist.gov/vuln/detail/CVE-2021-22127
CVE-2021-43483An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication.8https://nvd.nist.gov/vuln/detail/CVE-2021-43483
CVE-2022-26413A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable device via a LAN interface.8https://nvd.nist.gov/vuln/detail/CVE-2022-26413
CVE-2022-24472Microsoft SharePoint Server Spoofing Vulnerability.8https://nvd.nist.gov/vuln/detail/CVE-2022-24472
CVE-2022-24533Remote Desktop Protocol Remote Code Execution Vulnerability.8https://nvd.nist.gov/vuln/detail/CVE-2022-24533
CVE-2016-1575The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-1575
CVE-2016-1576The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-1576
CVE-2016-2853The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-2853
CVE-2016-8332A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8332
CVE-2016-8333An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8333
CVE-2016-8335An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8335
CVE-2016-9031An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-9031
CVE-2016-8710An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8710
CVE-2016-8709A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8709
CVE-2016-8711A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8711
CVE-2016-8713A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8713
CVE-2016-2568pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-2568
CVE-2017-2791JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2791
CVE-2016-8385An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8385
CVE-2016-8386An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8386
CVE-2016-8387An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8387
CVE-2016-8388An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8388
CVE-2016-8389An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8389
CVE-2016-8715An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8715
CVE-2017-6060Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-6060
CVE-2017-2775An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2775
CVE-2017-2783An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2783
CVE-2017-2793An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2793
CVE-2017-2794An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2794
CVE-2017-2797An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2797
CVE-2017-2798An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2798
CVE-2017-2799An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2799
CVE-2017-2817A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2817
CVE-2017-2819An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2819
CVE-2017-2823A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2823
CVE-2017-2813An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2813
CVE-2017-2863An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2863
CVE-2017-2779An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2779
CVE-2017-2807An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2807
CVE-2017-2808An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2808
CVE-2017-2862An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2862
CVE-2017-2870An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2870
CVE-2017-2809An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2809
CVE-2017-12106A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12106
CVE-2017-2880An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2880
CVE-2017-2920An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2920
CVE-2017-12110An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4.A specially crafted XLS file can cause memory corruption resulting in remote code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12110
CVE-2017-12111An exploitable out-of-bounds vulnerability exists in the xls_addCell function of libxls 1.4. A specially crafted XLS file with a formula record can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12111
CVE-2017-2896An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2896
CVE-2017-2897An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2897
CVE-2017-2919An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2919
CVE-2017-2886A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2886
CVE-2018-3886A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3886
CVE-2018-3887A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3887
CVE-2018-3888A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3888
CVE-2018-3861A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3861
CVE-2018-3862A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3862
CVE-2018-3868A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3868
CVE-2018-3889A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3889
CVE-2016-8728An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victim needs to open the specially crafted file in a vulnerable reader in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8728
CVE-2016-8729An exploitable memory corruption vulnerability exists in the JBIG2 parser of Artifex MuPDF 1.9. A specially crafted PDF can cause a negative number to be passed to a memset resulting in memory corruption and potential code execution. An attacker can specially craft a PDF and send to the victim to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8729
CVE-2016-8730An of bound write / memory corruption vulnerability exists in the GIF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted GIF file can cause a vulnerability resulting in potential memory corruption resulting in code execution. An attacker can send the victim a specific GIF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8730
CVE-2016-8732Multiple security flaws exists in InvProtectDrv.sys which is a part of Invincea Dell Protected Workspace 5.1.1-22303. Weak restrictions on the driver communication channel and additional insufficient checks allow any application to turn off some of the protection mechanisms provided by the Invincea product.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8732
CVE-2016-9038An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a special application locally to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-9038
CVE-2016-9043An out of bound write vulnerability exists in the EMF parsing functionality of CorelDRAW X8 (CdrGfx - Corel Graphics Engine (64-Bit) - 18.1.0.661). A specially crafted EMF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific EMF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-9043
CVE-2017-12081An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12081
CVE-2017-12082An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12082
CVE-2017-12086An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12086
CVE-2017-12099An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12099
CVE-2017-12100An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12100
CVE-2017-12101An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12101
CVE-2017-12102An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12102
CVE-2017-12103An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12103
CVE-2017-12104An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12104
CVE-2017-12105An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12105
CVE-2017-12107An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-12107
CVE-2017-2803A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2803
CVE-2017-2804A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2804
CVE-2017-2811A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2811
CVE-2017-2812A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2812
CVE-2017-2840A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2840
CVE-2017-2899An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2899
CVE-2017-2900An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2900
CVE-2017-2901An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2901
CVE-2017-2902An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2902
CVE-2017-2903An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2903
CVE-2017-2904An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2904
CVE-2017-2905An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2905
CVE-2017-2906An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2906
CVE-2017-2907An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2907
CVE-2017-2908An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2908
CVE-2017-2918An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2918
CVE-2018-3836An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3836
CVE-2018-3844In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted DOCX document can lead to a use-after-free resulting in direct code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3844
CVE-2018-3845In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3845
CVE-2018-3851In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3851
CVE-2018-3855In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3855
CVE-2016-8390An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2016-8390
CVE-2018-3853An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3853
CVE-2018-3929An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3929
CVE-2018-3930In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3930
CVE-2018-3931In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3931
CVE-2018-3932An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3932
CVE-2018-3933An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3933
CVE-2018-3936In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3936
CVE-2018-3857An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3858.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3857
CVE-2018-3858An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3857.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3858
CVE-2018-3859An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3859
CVE-2018-3860An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3860
CVE-2018-3870An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3870
CVE-2018-3871An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3871
CVE-2018-3921A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PSD image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver a PSD image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3921
CVE-2018-3922A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3922
CVE-2018-3923A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3923
CVE-2018-3924An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3924
CVE-2018-3939An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3939
CVE-2018-5546The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-5546
CVE-2018-3912On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3912
CVE-2018-3916An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3916
CVE-2017-2777An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-2777
CVE-2018-3914An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3914
CVE-2018-3975An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3975
CVE-2018-3978An exploitable out-of-bounds write vulnerability exists in the Word Document parser of the Atlantis Word Processor 3.0.2.3, 3.0.2.5. A specially crafted document can cause Atlantis to write a value outside the bounds of a heap allocation, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3978
CVE-2018-3981An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3981
CVE-2018-3982An exploitable arbitrary write vulnerability exists in the Word document parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can prevent Atlas from adding elements to an array that is indexed by a loop. When reading from this array, the application will use an out-of-bounds index which can result in arbitrary data being read as a pointer. Later, when the application attempts to write to said pointer, an arbitrary write will occur. This can allow an attacker to further corrupt memory, which leads to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3982
CVE-2018-3984An exploitable uninitialized length vulnerability exists within the Word document-parser of the Atlantis Word Processor 3.0.2.3 and 3.0.2.5. A specially crafted document can cause Atlantis to skip initializing a value representing the number of columns of a table. Later, the application will use this as a length within a loop that will write to a pointer on the heap. Due to this value being controlled, a buffer overflow will occur, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3984
CVE-2018-3998An exploitable heap-based buffer overflow vulnerability exists in the Windows enhanced metafile parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause an undersized allocation, resulting in an overflow when the application tries to copy data into it. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3998
CVE-2018-3999An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3999
CVE-2018-4000An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4000
CVE-2018-4001An exploitable uninitialized pointer vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause an uninitialized pointer representing a TTableRow to be assigned to a variable on the stack. This variable is later dereferenced and then written to allow for controlled heap corruption, which can lead to code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4001
CVE-2018-3943An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3943
CVE-2018-3944An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3944
CVE-2018-3957A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Keywords property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3957
CVE-2018-3958A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Subject property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3958
CVE-2018-3959A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3959
CVE-2018-3960A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3960
CVE-2018-3961A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Creator property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3961
CVE-2018-3946An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3946
CVE-2018-3964An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3964
CVE-2018-3965An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3965
CVE-2018-3966An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3966
CVE-2018-3967An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3967
CVE-2018-3993An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3993
CVE-2018-3994An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3994
CVE-2018-3995An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3995
CVE-2018-3940An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to trick the user to open the malicious file to trigger.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3940
CVE-2018-3941An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3941
CVE-2018-3942An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3942
CVE-2018-3945An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3945
CVE-2018-3992An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3992
CVE-2018-3996An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3996
CVE-2018-3997An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3997
CVE-2018-3971An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3971
CVE-2018-4022A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4022
CVE-2018-4038An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4038
CVE-2018-4039An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4039
CVE-2018-4040An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4040
CVE-2018-3990An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3990
CVE-2018-3973An exploitable out of bounds write exists in the CAL parsing functionality of Canvas Draw version 5.0.0. A specially crafted CAL image processed via the application can lead to an out of bounds write overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3973
CVE-2018-3976An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3976
CVE-2018-3980An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3980
CVE-2018-4054A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4054
CVE-2019-5015A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5015
CVE-2018-3969An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3969
CVE-2018-4050An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4050
CVE-2018-3974An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3974
CVE-2018-4049An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4049
CVE-2018-4008An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the RunVpncScript command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4008
CVE-2018-4009An exploitable privilege escalation vulnerability exists in the Shimo VPN helper service due to improper validation of code signing. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to successfully exploit this bug.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4009
CVE-2018-4005An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4005
CVE-2018-4006An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4006
CVE-2019-11354The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-11354
CVE-2018-4048An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-4048
CVE-2019-12802In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg).7.8https://nvd.nist.gov/vuln/detail/CVE-2019-12802
CVE-2019-13602An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-13602
CVE-2019-13104In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-13104
CVE-2019-5045A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5045
CVE-2019-5046A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5046
CVE-2019-5047An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5047
CVE-2019-5048A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5048
CVE-2019-5050A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5050
CVE-2019-5053An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5053
CVE-2019-5012An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5012
CVE-2019-5013An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5013
CVE-2018-3983An exploitable uninitialized pointer vulnerability exists in the Word document parser of the the Atlantis Word Processor. A specially crafted document can cause an array fetch to return an uninitialized pointer and then performs some arithmetic before writing a value to the result. Usage of this uninitialized pointer can allow an attacker to corrupt heap memory resulting in code execution under the context of the application. An attacker must convince a victim to open a document in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-3983
CVE-2019-5088An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending the user a specially crafted BMP file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5088
CVE-2019-5089An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5089
CVE-2019-5084An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5084
CVE-2019-5099An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5099
CVE-2019-5100An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5100
CVE-2019-5125An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5125
CVE-2019-2214In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-136210786References: Upstream kernel7.8https://nvd.nist.gov/vuln/detail/CVE-2019-2214
CVE-2019-5071An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5071
CVE-2019-5072An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS2 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5072
CVE-2019-5164An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-5164
CVE-2020-9362The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9362
CVE-2020-9363The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-9363
CVE-2020-6074An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6074
CVE-2020-6092An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6092
CVE-2020-6089An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6089
CVE-2020-6070An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6070
CVE-2020-24346njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24346
CVE-2020-6152A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6152
CVE-2020-6112An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which allow for the decoder to write out of-bounds and cause memory corruption. This can result in code execution. A specially crafted image can be embedded inside a PDF and loaded by a victim in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6112
CVE-2020-6113An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6113
CVE-2020-6115An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. While searching for an object identifier in a malformed document that is missing from the cross-reference table, the application will save a reference to the object’s cross-reference table entry inside a stack variable. If the referenced object identifier is not found, the application may resize the cross-reference table which can change the scope of its entry. Later when the application tries to reference cross-reference entry via the stack variable, the application will access memory belonging to the recently freed table causing a use-after-free condition. A specially crafted document can be delivered by an attacker and loaded by a victim in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6115
CVE-2020-6116An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6116
CVE-2020-6105An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6105
CVE-2020-6108An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6108
CVE-2020-13536An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13536
CVE-2020-13537An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13537
CVE-2020-6147A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6147
CVE-2020-6148A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6148
CVE-2020-6149A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6149
CVE-2020-6150A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6150
CVE-2020-6155A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6155
CVE-2020-6156A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-6156
CVE-2020-13493A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13493
CVE-2020-13542A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13542
CVE-2020-13520An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13520
CVE-2020-13535A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13535
CVE-2020-13539An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via “WIN-911 Mobile Runtime” service. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13539
CVE-2020-13540An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executables which could lead to escalation of the privileges when executed.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13540
CVE-2020-13544An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13544
CVE-2020-13545An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13545
CVE-2020-13579An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13579
CVE-2020-13580An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13580
CVE-2020-27247A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27247
CVE-2020-27248A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27248
CVE-2020-27249A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27249
CVE-2020-13546In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13546
CVE-2020-13581In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13581
CVE-2020-27250In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27250
CVE-2020-28595An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28595
CVE-2020-28596A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28596
CVE-2020-13549An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13549
CVE-2020-28587A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28587
CVE-2021-3410A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca/caca/canvas.c may lead to local execution of arbitrary code in the user context.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3410
CVE-2020-28599A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28599
CVE-2020-13554An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13554
CVE-2021-21773An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21773
CVE-2021-21776An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21776
CVE-2021-29154BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-29154
CVE-2020-13532A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13532
CVE-2020-13533A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13533
CVE-2020-13534A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers (CLSID), installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-13534
CVE-2020-27228An incorrect default permissions vulnerability exists in the installation functionality of OpenClinic GA 5.173.3. Overwriting the binary can result in privilege escalation. An attacker can replace a file to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27228
CVE-2021-21784An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21784
CVE-2021-31784An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31784
CVE-2021-21822A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21822
CVE-2020-28600An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28600
CVE-2021-30498A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30498
CVE-2021-30499A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30499
CVE-2021-21808A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide malicious inputs to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21808
CVE-2021-21824An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21824
CVE-2021-32946An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32946
CVE-2021-32936An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32936
CVE-2021-32944A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32944
CVE-2021-32948An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-32948
CVE-2021-27041A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27041
CVE-2021-27042A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27042
CVE-2021-21871A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7.9. A specially crafted DMG file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. The vendor fixed it in a bug-release of the current version.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21871
CVE-2021-21786A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21786
CVE-2021-21821A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21821
CVE-2020-28598An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28598
CVE-2021-21794An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21794
CVE-2021-27033A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27033
CVE-2021-27035A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27035
CVE-2021-27036A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27036
CVE-2021-27037A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27037
CVE-2021-27038A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27038
CVE-2021-27039A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-27039
CVE-2021-21864A unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureSettings functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21864
CVE-2021-21865A unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone() functionality of CODESYS GmbH CODESYS Development System 3.5.16. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21865
CVE-2021-21866A unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21866
CVE-2021-21863A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21863
CVE-2021-21812A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21812
CVE-2021-21813Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21813
CVE-2021-21814Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the staticly sized buffer data is memcpy‘d into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21814
CVE-2021-21815A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21815
CVE-2020-28594A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28594
CVE-2021-21862Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption The implementation of the parser used for the “Xtra” FOURCC code is handled. An attacker can convince a user to open a video to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21862
CVE-2021-21867An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteArray functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21867
CVE-2021-21868An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21868
CVE-2021-21869An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file can lead to arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21869
CVE-2021-30713A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30713
CVE-2021-21798An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21798
CVE-2021-40157A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40157
CVE-2021-2464Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).7.8https://nvd.nist.gov/vuln/detail/CVE-2021-2464
CVE-2021-21796An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21796
CVE-2021-21797An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21797
CVE-2021-31359A local privilege escalation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to cause the Juniper DHCP daemon (jdhcpd) process to crash, resulting in a Denial of Service (DoS), or execute arbitrary commands as root. Continued processing of malicious input will repeatedly crash the system and sustain the Denial of Service (DoS) condition. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31359
CVE-2021-42726Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42726
CVE-2021-42721Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42721
CVE-2021-42723Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42723
CVE-2021-21910A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21910
CVE-2021-21911A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21911
CVE-2021-21912A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21912
CVE-2021-40394An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40394
CVE-2021-40160PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40160
CVE-2021-40161A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40161
CVE-2022-23033arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23033
CVE-2021-40167A malicious crafted dwf file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40167
CVE-2021-40388A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40388
CVE-2021-40389A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40389
CVE-2021-40396A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40396
CVE-2021-40397A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40397
CVE-2021-4034A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4034
CVE-2021-40401A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40401
CVE-2022-23946A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23946
CVE-2022-23947A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23947
CVE-2021-46363An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-46363
CVE-2021-46365An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-46365
CVE-2021-21958A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21958
CVE-2022-23803A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23803
CVE-2022-23804A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23804
CVE-2022-25372Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25372
CVE-2021-46162A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)7.8https://nvd.nist.gov/vuln/detail/CVE-2021-46162
CVE-2022-0492A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0492
CVE-2022-1011A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1011
CVE-2022-22819NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22819
CVE-2022-28388usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28388
CVE-2022-28389mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28389
CVE-2022-28390ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28390
CVE-2022-23699A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23699
CVE-2022-26358IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26358
CVE-2022-26359IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26359
CVE-2022-26360IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26360
CVE-2022-26361IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26361
CVE-2022-26250Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26250
CVE-2022-1237Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1237
CVE-2022-1238Heap-based Buffer Overflow in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1238
CVE-2022-23440A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23440
CVE-2022-1240Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1240
CVE-2021-26104Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26104
CVE-2021-43138A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which could let a malicious user obtain privileges via the mapValues() method.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43138
CVE-2022-20762A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20762
CVE-2022-22516The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22516
CVE-2021-43515CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43515
CVE-2022-28893The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28893
CVE-2022-0556A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0556
CVE-2022-27088Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27088
CVE-2022-27089In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27089
CVE-2022-1262A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1262
CVE-2022-1316ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1316
CVE-2022-22962VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22962
CVE-2022-22964VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22964
CVE-2022-25789A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25789
CVE-2022-25790A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25790
CVE-2022-25791A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25791
CVE-2022-25792A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25792
CVE-2022-25794An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code “ABC” files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25794
CVE-2022-25796A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-25796
CVE-2022-26092Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26092
CVE-2022-27528A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27528
CVE-2022-27578An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27578
CVE-2022-27826Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27826
CVE-2022-27827Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27827
CVE-2022-27828Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27828
CVE-2022-27829Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27829
CVE-2022-27830Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27830
CVE-2022-27833Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27833
CVE-2022-27835Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27835
CVE-2022-27836Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27836
CVE-2022-27837A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27837
CVE-2022-27838Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27838
CVE-2022-27842DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27842
CVE-2022-27843DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27843
CVE-2022-28541Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28541
CVE-2022-28776Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28776
CVE-2022-28779Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28779
CVE-2021-42029A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42029
CVE-2022-23448A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23448
CVE-2022-28663A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15592)7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28663
CVE-2021-39794In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-2058363297.8https://nvd.nist.gov/vuln/detail/CVE-2021-39794
CVE-2021-39797In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2096071047.8https://nvd.nist.gov/vuln/detail/CVE-2021-39797
CVE-2021-39798In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2131696127.8https://nvd.nist.gov/vuln/detail/CVE-2021-39798
CVE-2021-39799In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-2002885967.8https://nvd.nist.gov/vuln/detail/CVE-2021-39799
CVE-2021-39801In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39801
CVE-2021-39802In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39802
CVE-2022-24383The affected product is vulnerable to an out-of-bounds read, which may result in code execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24383
CVE-2022-22008Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22009, CVE-2022-23257, CVE-2022-24537.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22008
CVE-2022-22009Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-23257, CVE-2022-24537.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22009
CVE-2022-24473Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26901.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24473
CVE-2022-24474Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24542.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24474
CVE-2022-24479Connected User Experiences and Telemetry Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24479
CVE-2022-24481Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24521.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24481
CVE-2022-24486Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24544.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24486
CVE-2022-24488Windows Desktop Bridge Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24488
CVE-2022-24489Cluster Client Failover (CCF) Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24489
CVE-2022-24494Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24494
CVE-2022-24496Local Security Authority (LSA) Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24496
CVE-2022-24499Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24530.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24499
CVE-2022-24513Visual Studio Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24513
CVE-2022-24521Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24481.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24521
CVE-2022-24527Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24527
CVE-2022-24530Windows Installer Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24499.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24530
CVE-2022-24532HEVC Video Extensions Remote Code Execution Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24532
CVE-2022-24537Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-23257.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24537
CVE-2022-24542Windows Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24474.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24542
CVE-2022-24543Windows Upgrade Assistant Remote Code Execution Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24543
CVE-2022-24544Windows Kerberos Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24486.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24544
CVE-2022-24546Windows DWM Core Library Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24546
CVE-2022-24547Windows Digital Media Receiver Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24547
CVE-2022-24549Windows AppX Package Manager Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24549
CVE-2022-24550Windows Telephony Server Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-24550
CVE-2022-26786Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26786
CVE-2022-26787Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26787
CVE-2022-26788PowerShell Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26788
CVE-2022-26789Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26789
CVE-2022-26790Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26790
CVE-2022-26791Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26791
CVE-2022-26792Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26792
CVE-2022-26793Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26793
CVE-2022-26794Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26794
CVE-2022-26795Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26795
CVE-2022-26796Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26796
CVE-2022-26797Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26797
CVE-2022-26798Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26798
CVE-2022-26801Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26802, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26801
CVE-2022-26802Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26803.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26802
CVE-2022-26803Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26795, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26803
CVE-2022-26810Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26827.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26810
CVE-2022-26901Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24473.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26901
CVE-2022-26903Windows Graphics Component Remote Code Execution Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26903
CVE-2022-26914Win32k Elevation of Privilege Vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26914
CVE-2022-26916Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26917, CVE-2022-26918.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26916
CVE-2022-26917Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26918.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26917
CVE-2022-26918Windows Fax Compose Form Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26916, CVE-2022-26917.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26918
CVE-2022-21491Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.34. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows systems only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-21491
CVE-2017-14447An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.7.7https://nvd.nist.gov/vuln/detail/CVE-2017-14447
CVE-2018-4058An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.7.7https://nvd.nist.gov/vuln/detail/CVE-2018-4058
CVE-2020-13550A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability.7.7https://nvd.nist.gov/vuln/detail/CVE-2020-13550
CVE-2019-5024A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability.7.6https://nvd.nist.gov/vuln/detail/CVE-2019-5024
CVE-2016-9036An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-9036
CVE-2016-9037An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-9037
CVE-2017-5991An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-5991
CVE-2016-9049An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-9049
CVE-2016-8714An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-8714
CVE-2017-2786A denial of service vulnerability exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to an out of bounds read causing a crash and a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2786
CVE-2016-8716An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of intercepting this traffic is able to obtain valid credentials.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-8716
CVE-2016-8723An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-8723
CVE-2016-8726An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-8726
CVE-2017-2830An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2830
CVE-2017-2831An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2831
CVE-2016-6797The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-6797
CVE-2016-6796A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-6796
CVE-2017-2865An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2865
CVE-2017-2884An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2884
CVE-2017-2889An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2889
CVE-2017-2893An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2893
CVE-2017-2898An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2898
CVE-2017-2909An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2909
CVE-2017-11305A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-11305
CVE-2017-12119An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12119
CVE-2017-14460An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-14460
CVE-2017-12130An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12130
CVE-2017-2861An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2861
CVE-2017-12088An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12088
CVE-2017-12089An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12089
CVE-2017-12090An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12090
CVE-2017-12093An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12093
CVE-2017-2833An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2833
CVE-2018-1000168nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-1000168
CVE-2017-12124An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12124
CVE-2017-12128An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12128
CVE-2017-14435An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\\_CFG.ini" without a cookie header to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-14435
CVE-2017-14436An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\\_CFG2.ini" without a cookie header to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-14436
CVE-2017-14437An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA\\_LOG.ini" without a cookie header to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-14437
CVE-2017-14438Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-14438
CVE-2017-14439Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-14439
CVE-2017-2852An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2852
CVE-2017-2858An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2858
CVE-2017-2860An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2860
CVE-2017-12092An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-12092
CVE-2018-3852An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3852
CVE-2018-12020mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-12020
CVE-2018-11040Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-11040
CVE-2018-3840A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x67). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read by the application is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3840
CVE-2018-3841A denial-of-service vulnerability exists in the Pixar Renderman IT Display Service 21.6 (0x69). The vulnerability is present in the parsing of a network packet without proper validation of the packet. The data read-in is not validated, and its use can lead to a null pointer dereference. The IT application is opened by a user and then listens for a connection on port 4001. An attacker can deliver an attack once the application has been opened.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3841
CVE-2017-16348An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-16348
CVE-2018-3833An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed and thus allows for flashing older firmware images. To trigger this vulnerability, an attacker needs to impersonate the remote server 'cache.insteon.com' and serve any signed firmware image.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3833
CVE-2018-3918An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3918
CVE-2018-3908An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. With the implementation of the on_body callback, defined by sub_41734, an attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3908
CVE-2018-11054RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-11054
CVE-2017-2874An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2874
CVE-2017-2875An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2875
CVE-2017-2878An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2878
CVE-2017-2876An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2876
CVE-2018-17365SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-17365
CVE-2018-3928An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3928
CVE-2018-3898An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the ssid_dst field.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3898
CVE-2018-3899An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_info call can overwrite a buffer of size 0x104, which is more than enough to overflow the return address from the password_dst field7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3899
CVE-2018-3935An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can allocate unlimited memory, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3935
CVE-2018-15769RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-15769
CVE-2018-19518University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-19518
CVE-2018-3948An exploitable denial-of-service vulnerability exists in the URI-parsing functionality of the TP-Link TL-R600VPN HTTP server. A specially crafted URL can cause the server to stop responding to requests, resulting in downtime for the management portal. An attacker can send either an unauthenticated or authenticated web request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3948
CVE-2018-3949An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-3949
CVE-2018-4011An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4011
CVE-2018-4030An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4030
CVE-2019-0037In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-0037
CVE-2019-9628The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-9628
CVE-2019-0227A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-0227
CVE-2018-4024An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4024
CVE-2018-4025An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4025
CVE-2018-4026An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4026
CVE-2018-4027An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4027
CVE-2018-4028An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4028
CVE-2019-6819A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-6819
CVE-2019-3411All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-3411
CVE-2018-20843In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).7.5https://nvd.nist.gov/vuln/detail/CVE-2018-20843
CVE-2018-7838A CWE-119 Buffer Errors vulnerability exists in Modicon M580 CPU - BMEP582040, all versions before V2.90, and Modicon Ethernet Module BMENOC0301, all versions before V2.16, which could cause denial of service on the FTP service of the controller or the Ethernet BMENOC module when it receives a FTP CWD command with a data length greater than 1020 bytes. A power cycle is then needed to reactivate the FTP service.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-7838
CVE-2019-14205A Local File Inclusion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to retrieve arbitrary files via the $REQUEST['adaptive-images-settings']['source_file'] parameter in adaptive-images-script.php.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-14205
CVE-2019-15046Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-15046
CVE-2019-5037An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5037
CVE-2019-5040An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5040
CVE-2019-5036An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5036
CVE-2019-16159BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-16159
CVE-2019-3643McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-3643
CVE-2019-5054An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5054
CVE-2019-5055An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5055
CVE-2019-8075Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-8075
CVE-2019-15166lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-15166
CVE-2019-0205In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-0205
CVE-2018-4002An exploitable denial-of-service vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. When parsing labels in mDNS packets, the firewall unsafely handles label compression pointers, leading to an uncontrolled recursion that eventually exhausts the stack, crashing the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-4002
CVE-2019-5010An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5010
CVE-2019-5043An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5043
CVE-2019-10172A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-10172
CVE-2019-19244sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19244
CVE-2019-5097A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the form of GET or POST requests and does not require the requested resource to exist on the server.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5097
CVE-2019-5163An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5163
CVE-2019-19603SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19603
CVE-2019-5090An exploitable information disclosure vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. A specially crafted packet can cause an out-of-bounds read, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5090
CVE-2019-5091An exploitable denial-of-service vulnerability exists in the Dicom-packet parsing functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an infinite loop, resulting in a denial of service. An attacker can send a packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5091
CVE-2017-18640The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-18640
CVE-2019-19880exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19880
CVE-2019-19926multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19926
CVE-2019-19923flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19923
CVE-2019-19925zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19925
CVE-2019-12399When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-12399
CVE-2020-7044In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-7044
CVE-2020-7241The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-7241
CVE-2019-20388xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-20388
CVE-2020-7226CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-7226
CVE-2020-1940The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-1940
CVE-2020-6060A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6060
CVE-2020-6062An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6062
CVE-2019-19866Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19866
CVE-2019-5137The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5137
CVE-2019-5148An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5148
CVE-2020-8659CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8659
CVE-2020-5849Unraid 6.8.0 allows authentication bypass.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-5849
CVE-2020-6582Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6582
CVE-2020-6071An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6071
CVE-2020-6073An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6073
CVE-2020-6077An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6077
CVE-2020-6078An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6078
CVE-2020-6079An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6079
CVE-2020-6080An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6080
CVE-2019-5105An exploitable memory corruption vulnerability exists in the Name Service Client functionality of 3S-Smart Software Solutions CODESYS GatewayService. A specially crafted packet can cause a large memcpy, resulting in an access violation and termination of the process. An attacker can send a packet to a device running the GatewayService.exe to trigger this vulnerability. All variants of the CODESYS V3 products in all versions prior V3.5.16.10 containing the CmpRouter or CmpRouterEmbedded component are affected, regardless of the CPU type or operating system: CODESYS Control for BeagleBone, CODESYS Control for emPC-A/iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PLCnext, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (also part of the CODESYS Development System setup), CODESYS Control V3 Runtime System Toolkit, CODESYS V3 Embedded Target Visu Toolkit, CODESYS V3 Remote Target Visu Toolkit, CODESYS V3 Safety SIL2, CODESYS Edge Gateway V3, CODESYS Gateway V3, CODESYS HMI V3, CODESYS OPC Server V3, CODESYS PLCHandler SDK, CODESYS V3 Simulation Runtime (part of the CODESYS Development System).7.5https://nvd.nist.gov/vuln/detail/CVE-2019-5105
CVE-2020-6095An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6095
CVE-2020-10663The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-10663
CVE-2020-6098An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6098
CVE-2020-6097An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6097
CVE-2019-0233An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-0233
CVE-2020-6083An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6083
CVE-2020-6086An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6086
CVE-2020-6087An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6087
CVE-2020-6084An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less bytes than required by the Key Format Table.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6084
CVE-2020-6085An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6085
CVE-2020-6111An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6111
CVE-2020-13530A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13530
CVE-2020-8169curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8169
CVE-2020-8231Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8231
CVE-2020-13573A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13573
CVE-2020-13559A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13559
CVE-2020-36221An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36221
CVE-2020-36222A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36222
CVE-2020-36223A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36223
CVE-2020-36224A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36224
CVE-2020-36225A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36225
CVE-2020-36226A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36226
CVE-2020-36227A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36227
CVE-2020-36228An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36228
CVE-2020-36229A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-36229
CVE-2020-13582A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13582
CVE-2020-6088An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-6088
CVE-2020-13574A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13574
CVE-2020-13575A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13575
CVE-2020-13577A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13577
CVE-2020-13578A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13578
CVE-2020-13583A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13583
CVE-2020-27779A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-27779
CVE-2020-28597A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-28597
CVE-2021-28165In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-28165
CVE-2021-31598An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31598
CVE-2021-31871An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31871
CVE-2021-21817An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-21817
CVE-2021-21818A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-21818
CVE-2021-2351Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-2351
CVE-2021-38593Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38593
CVE-2021-21823An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-21823
CVE-2021-35497The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-35497
CVE-2021-35574Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-35574
CVE-2021-42697Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42697
CVE-2021-21955An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-21955
CVE-2021-45034A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-45034
CVE-2021-40406A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to prevent users from logging in. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40406
CVE-2021-40419A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of network requests can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40419
CVE-2021-40423A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40423
CVE-2022-21134A firmware update vulnerability exists in the &quot;update&quot; firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21134
CVE-2022-21236An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21236
CVE-2022-21801A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21801
CVE-2021-44384A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzTattern param is not object. An attacker can send an HTTP request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44384
CVE-2021-46669MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46669
CVE-2021-21964A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-21964
CVE-2022-21698client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21698
CVE-2021-38266The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38266
CVE-2022-24921regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24921
CVE-2022-24713regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24713
CVE-2022-22719A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22719
CVE-2022-27191The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27191
CVE-2022-23345BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23345
CVE-2022-23347BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23347
CVE-2022-23352An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23352
CVE-2018-25032zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-25032
CVE-2022-0741Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0741
CVE-2021-32978The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32978
CVE-2021-32982Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32982
CVE-2021-32994Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 to 5.64 exported library functions don't properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32994
CVE-2021-33010An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33010
CVE-2022-23698A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23698
CVE-2022-27649A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27649
CVE-2022-27650A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27650
CVE-2022-25584Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25584
CVE-2021-44108A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request to amf.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44108
CVE-2021-44109A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier allows remote attackers to Denial of Service via a crafted sbi request.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44109
CVE-2021-45893An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is Improper Handling of Case Sensitivity, which makes password guessing easier.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-45893
CVE-2022-26281BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26281
CVE-2020-23349An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-23349
CVE-2022-24795yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24795
CVE-2022-23974In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially crafted request can potentially be exploited to cause disruption in pinot service. Pinot release 0.10.0 fixes this. See https://docs.pinot.apache.org/basics/releases/0.10.07.5https://nvd.nist.gov/vuln/detail/CVE-2022-23974
CVE-2021-30497Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can obtain sensitive information via the C:/Windows/system32/config/system.sav value.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30497
CVE-2022-24793PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24793
CVE-2021-26113A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-26113
CVE-2022-24822Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. `@podium/layout`, which is the main way developers/users are vulnerable to this exploit, has been patched in version `4.6.110`. All earlier versions are vulnerable.`@podium/proxy`, which is the source of the vulnerability and is used by `@podium/layout` has been patched in version `4.2.74`. All earlier versions are vulnerable. It is not easily possible to work around this issue without upgrading.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24822
CVE-2022-20756A vulnerability in the RADIUS feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by attempting to authenticate to a network or a service where the access server is using Cisco ISE as the RADIUS server. A successful exploit could allow the attacker to cause Cisco ISE to stop processing RADIUS requests, causing authentication/authorization timeouts, which would then result in legitimate requests being denied access. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) is required. See the Details section for more information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-20756
CVE-2022-26591FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26591
CVE-2020-27374Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-27374
CVE-2021-46417Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46417
CVE-2021-46418An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46418
CVE-2021-43429A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43429
CVE-2022-0677Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0677
CVE-2022-22517An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be closed.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22517
CVE-2022-26675aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26675
CVE-2022-1219SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1219
CVE-2022-28002Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28002
CVE-2021-43521A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43521
CVE-2021-43498An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43498
CVE-2022-27279InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27279
CVE-2022-27286D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27286
CVE-2022-27287D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPPoE. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27287
CVE-2022-27288D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanPPTP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27288
CVE-2022-27289D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27289
CVE-2022-27290D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27290
CVE-2022-27291D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network_enabled parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27291
CVE-2022-27292D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27292
CVE-2022-27293D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27293
CVE-2022-27294D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27294
CVE-2022-27295D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27295
CVE-2022-1252Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1252
CVE-2022-27041Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27041
CVE-2022-0828The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0828
CVE-2022-0920The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0920
CVE-2022-0989An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0989
CVE-2021-38929IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38929
CVE-2021-38930IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210331.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38930
CVE-2021-40065The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40065
CVE-2021-46740The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46740
CVE-2021-4047The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4047
CVE-2022-22253The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22253
CVE-2022-22254A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22254
CVE-2022-22255The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22255
CVE-2022-22256The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22256
CVE-2022-22257The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22257
CVE-2022-24836Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24836
CVE-2022-24839org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24839
CVE-2022-1302In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1302
CVE-2022-25751A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the HTTP headers of incoming requests. This could allow an unauthenticated remote attacker to crash affected devices.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25751
CVE-2022-25755A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25755
CVE-2022-26334A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26334
CVE-2022-26335A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26335
CVE-2022-26380A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26380
CVE-2022-27194A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27194
CVE-2022-27241A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27241
CVE-2022-27480A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27480
CVE-2022-28328A vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle malformed Multicast LLC frames. This could allow an attacker to trigger a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28328
CVE-2022-23703A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates initiated by the Nimble appliance. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 5.0.10.100, 5.2.1.500, 6.0.0.1007.5https://nvd.nist.gov/vuln/detail/CVE-2022-23703
CVE-2022-27261An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27261
CVE-2022-27376MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27376
CVE-2022-27377MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27377
CVE-2022-27380An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27380
CVE-2022-21983Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24534.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21983
CVE-2022-24485Win32 File Enumeration Remote Code Execution Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24485
CVE-2022-24534Win32 Stream Enumeration Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21983.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24534
CVE-2022-26830DiskUsage.exe Remote Code Execution Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26830
CVE-2022-26831Windows LDAP Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26831
CVE-2022-26832.NET Framework Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26832
CVE-2022-26915Windows Secure Channel Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26915
CVE-2022-26924YARP Denial of Service Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26924
CVE-2022-21421Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 5.9.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21421
CVE-2022-21422Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager). Supported versions that are affected are 12.0.0.4 and 12.0.0.5. Difficult to exploit vulnerability allows low privileged attacker with network access via TCP to compromise Oracle Communications Billing and Revenue Management. Successful attacks of this vulnerability can result in takeover of Oracle Communications Billing and Revenue Management. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21422
CVE-2022-21441Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3/IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21441
CVE-2022-21449Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21449
CVE-2022-21466Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21466
CVE-2022-21476Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21476
CVE-2018-3834An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image.7.4https://nvd.nist.gov/vuln/detail/CVE-2018-3834
CVE-2016-9048Multiple exploitable SQL Injection vulnerabilities exists in ProcessMaker Enterprise Core 3.0.1.7-community. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain setups access the underlying operating system.7.4https://nvd.nist.gov/vuln/detail/CVE-2016-9048
CVE-2019-5152An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.7.4https://nvd.nist.gov/vuln/detail/CVE-2019-5152
CVE-2021-21968A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-21968
CVE-2021-44531Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-44531
CVE-2021-42324An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell metacharacters in the capture command parameters. Command output will be shown on the Serial interface of the device. Exploitation requires both credentials and physical access.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-42324
CVE-2021-45104An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-45104
CVE-2018-3962A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the CreationDate property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2018-3962
CVE-2019-1020018Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link.7.3https://nvd.nist.gov/vuln/detail/CVE-2019-1020018
CVE-2022-25154A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)7.3https://nvd.nist.gov/vuln/detail/CVE-2022-25154
CVE-2022-1248A vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-1248
CVE-2022-26671Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system setting to cause partial disrupt of service.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-26671
CVE-2022-22339IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 219736.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-22339
CVE-2022-27883A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-27883
CVE-2022-23449A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-23449
CVE-2022-26921Visual Studio Code Elevation of Privilege Vulnerability.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-26921
CVE-2017-2851In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.7.2https://nvd.nist.gov/vuln/detail/CVE-2017-2851
CVE-2017-2832An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2017-2832
CVE-2018-3937An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-3937
CVE-2017-2872Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2017-2872
CVE-2017-2873An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2017-2873
CVE-2018-3953Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-3953
CVE-2018-3954Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-3954
CVE-2018-3955An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-3955
CVE-2018-3951An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-3951
CVE-2018-4019An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-4019
CVE-2018-4020An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter parameter.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-4020
CVE-2018-4021An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-4021
CVE-2019-1020011SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.7.2https://nvd.nist.gov/vuln/detail/CVE-2019-1020011
CVE-2019-5142An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2019-5142
CVE-2019-5165An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2019-5165
CVE-2020-10386admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-10386
CVE-2020-10389admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-10389
CVE-2020-6114An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-6114
CVE-2021-21819A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-21819
CVE-2021-21880A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-21880
CVE-2021-21885A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-21885
CVE-2021-21895A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-21895
CVE-2021-21904A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2021-21904
CVE-2021-21905Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-21905
CVE-2021-21906Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-21906
CVE-2021-40410An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [4] the dns_data->dns1 variable, that has the value of the dns1 parameter provided through the SetLocal API, is not validated properly. This would lead to an OS command injection.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-40410
CVE-2021-40411An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [6] the dns_data->dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS command injection.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-40411
CVE-2021-40412An OScommand injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [8] the devname variable, that has the value of the name parameter provided through the SetDevName API, is not validated properly. This would lead to an OS command injection.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-40412
CVE-2021-32977AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32977
CVE-2021-32981AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32981
CVE-2021-32985AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-32985
CVE-2022-26982SimpleMachinesForum 2.1.1 and earlier allows remote authenticated administrators to execute arbitrary code by inserting a vulnerable php code because the themes can be modified by an administrator.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26982
CVE-2022-26251The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26251
CVE-2022-22410IBM Watson Query with Cloud Pak for Data as a Service could allow an authenticated user to obtain sensitive information that would allow them to examine or alter system configurations or data sources connected to the service. IBM X-Force ID: 222763.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-22410
CVE-2022-20754Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-20754
CVE-2022-20755Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-20755
CVE-2022-26607A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26607
CVE-2022-27061AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-27061
CVE-2022-27349Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-27349
CVE-2021-46436An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-46436
CVE-2021-46367RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-46367
CVE-2022-1006The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks7.2https://nvd.nist.gov/vuln/detail/CVE-2022-1006
CVE-2022-1008The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed7.2https://nvd.nist.gov/vuln/detail/CVE-2022-1008
CVE-2022-1023The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file7.2https://nvd.nist.gov/vuln/detail/CVE-2022-1023
CVE-2021-37292An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-37292
CVE-2022-27573Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-27573
CVE-2022-27574Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-27574
CVE-2022-24536Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24536
CVE-2022-26811Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26811
CVE-2022-26812Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26812
CVE-2022-26813Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26813
CVE-2022-26815Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26815
CVE-2022-26823Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26824, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26823
CVE-2022-26824Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26825, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26824
CVE-2022-26825Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26826, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26825
CVE-2022-26826Windows DNS Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24536, CVE-2022-26811, CVE-2022-26812, CVE-2022-26813, CVE-2022-26814, CVE-2022-26815, CVE-2022-26817, CVE-2022-26818, CVE-2022-26819, CVE-2022-26820, CVE-2022-26821, CVE-2022-26822, CVE-2022-26823, CVE-2022-26824, CVE-2022-26825, CVE-2022-26829.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26826
CVE-2022-26898Azure Site Recovery Remote Code Execution Vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-26898
CVE-2022-21410Vulnerability in the Oracle Database - Enterprise Edition Sharding component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Sharding. Successful attacks of this vulnerability can result in takeover of Oracle Database - Enterprise Edition Sharding. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).7.2https://nvd.nist.gov/vuln/detail/CVE-2022-21410
CVE-2017-12613When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.7.1https://nvd.nist.gov/vuln/detail/CVE-2017-12613
CVE-2017-14461A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server.7.1https://nvd.nist.gov/vuln/detail/CVE-2017-14461
CVE-2017-14450A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.7.1https://nvd.nist.gov/vuln/detail/CVE-2017-14450
CVE-2018-3854An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability.7.1https://nvd.nist.gov/vuln/detail/CVE-2018-3854
CVE-2019-5139An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts.7.1https://nvd.nist.gov/vuln/detail/CVE-2019-5139
CVE-2020-13522An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-13522
CVE-2020-8177curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-8177
CVE-2021-32938Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32938
CVE-2021-32940An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32940
CVE-2021-32950An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-32950
CVE-2021-31360An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-31360
CVE-2022-0891A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0891
CVE-2022-0995An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-0995
CVE-2021-3461A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name].7.1https://nvd.nist.gov/vuln/detail/CVE-2021-3461
CVE-2022-22514An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. This causes a null pointer dereference in the CmpSettings component of the affected CODESYS products and leads to a crash.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-22514
CVE-2022-27823Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-27823
CVE-2022-27824Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file7.1https://nvd.nist.gov/vuln/detail/CVE-2022-27824
CVE-2022-27825Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-27825
CVE-2016-9032An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9034.7https://nvd.nist.gov/vuln/detail/CVE-2016-9032
CVE-2016-9033An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9035.7https://nvd.nist.gov/vuln/detail/CVE-2016-9033
CVE-2016-9034An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032.7https://nvd.nist.gov/vuln/detail/CVE-2016-9034
CVE-2016-9035An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9033.7https://nvd.nist.gov/vuln/detail/CVE-2016-9035
CVE-2016-8707An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.7https://nvd.nist.gov/vuln/detail/CVE-2016-8707
CVE-2017-2834An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2017-2834
CVE-2018-3968An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.7https://nvd.nist.gov/vuln/detail/CVE-2018-3968
CVE-2019-12817arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.7https://nvd.nist.gov/vuln/detail/CVE-2019-12817
CVE-2019-13226deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system.7https://nvd.nist.gov/vuln/detail/CVE-2019-13226
CVE-2019-11552Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.7https://nvd.nist.gov/vuln/detail/CVE-2019-11552
CVE-2019-9458In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7https://nvd.nist.gov/vuln/detail/CVE-2019-9458
CVE-2019-18683An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.7https://nvd.nist.gov/vuln/detail/CVE-2019-18683
CVE-2019-12418When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.7https://nvd.nist.gov/vuln/detail/CVE-2019-12418
CVE-2022-23181The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.7https://nvd.nist.gov/vuln/detail/CVE-2022-23181
CVE-2021-3609.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.7https://nvd.nist.gov/vuln/detail/CVE-2021-3609
CVE-2021-3640A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.7https://nvd.nist.gov/vuln/detail/CVE-2021-3640
CVE-2022-26488In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.7https://nvd.nist.gov/vuln/detail/CVE-2022-26488
CVE-2022-26357race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.7https://nvd.nist.gov/vuln/detail/CVE-2022-26357
CVE-2022-28796jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.7https://nvd.nist.gov/vuln/detail/CVE-2022-28796
CVE-2022-27834Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.7https://nvd.nist.gov/vuln/detail/CVE-2022-27834
CVE-2022-24482Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24540.7https://nvd.nist.gov/vuln/detail/CVE-2022-24482
CVE-2022-24495Windows Direct Show - Remote Code Execution Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-24495
CVE-2022-24540Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24482.7https://nvd.nist.gov/vuln/detail/CVE-2022-24540
CVE-2022-26807Windows Work Folder Service Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-26807
CVE-2022-26808Windows File Explorer Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-26808
CVE-2022-26827Windows File Server Resource Management Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26810.7https://nvd.nist.gov/vuln/detail/CVE-2022-26827
CVE-2022-26828Windows Bluetooth Driver Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-26828
CVE-2022-26904Windows User Profile Service Elevation of Privilege Vulnerability.7https://nvd.nist.gov/vuln/detail/CVE-2022-26904
CVE-2017-12114An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the