This strike exploits a remote code execution vulnerability that affects Microsoft .NET Framework, SharePoint, and Visual Studio. This vulnerability is due to improper validation of the source markup of XML file input. An attacker could exploit this vulnerability by enticing a user to open a crafted document or sending maliciously crafted XML content to a server that processes the XML data using the...
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
A remote code execution vulnerability exists in Ruby on Rails versions 5 < 5.0.1 and 4 < 4.2.11.2, due to lack of user input validation. The vulnerability manifests itself whenever the 'locals' value for a 'render' call is set to 'params' value. Remote attackers may exploit applications containing the up-mentioned pattern by sending a crafted HTTP request to obtain...
CVSS: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in Apple Webkit. Specifically, an out of bounds memory access occurs when the AudioArray::Allocate function is invoked in a specific manner. When this happens a denial of service condition, or potentially remote code execution, may occur.
CVSS: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
An insecure deserialization vulnerability exists in Apache Tomcat. The vulnerability is due to insufficient validation of a cached session file before deserialization. An attacker can exploit this vulnerability by crafting a malicious HTTP request. Successful exploitation results in full control of the target server.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
A use after free vulnerability exists in PDF parser of Nitro Pro 13.9.1.155 due to incorrect manipulation of objects in memory. An attacker may execute arbitrary code on a victim's system by enticing the victim to open a crafted PDF file. Successful exploitation may lead to remote code execution with the privileges of the user running the application.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
A command injection vulnerability exists in in Apache Kylin project versions 2.3.0-2.3.2, 2.4.0-2.4.1, 2.5.0-2.5.2, 2.6.0-2.6.4 and 3.0.0. The vulnerability is due to lack of validation for user-supplied input to 'migrate' REST API endpoint. A remote authenticated attacker may execute arbitrary commands by sending a crafted POST request.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
A code execution vulnerability exists in some versions of Microsoft .NET Framework. The vulnerability is due to insecure deserialization of XPS files by the 'XamlReader::Load()' function within 'PresentationFramework.dll'. A remote attacker could exploit this vulnerability by enticing a target user to download and open a crafted XPS file, which may result in the execution of...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer scripting engine. Specifically, an attacker can craft an HTML page containing a Javascript script which creates an array of objects, and the object is reassigned in a custom sort function which then calls 'CollectGarbage()' resulting in use after free condition due to a dangling pointer. A remote attacker could exploit...
Pages