Displaying 281 - 300 of 38219

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an out-of-bounds write in Netatalk package. The vulnerability is due to a missing bounds check in the handling of the DSI Opensession command. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target application. Successful exploitation could lead to arbitrary code execution with privileges of the root user.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple WebKit. Specifically, the vulnerability exists in the AbstractValue Set method. Javascript can be crafted in such a way that the attacker can write into the immutable butterfly of a Copy on Write array. This can lead to a Use-After-Free condition causing a denial of service or potentially lead to remote code execution.

CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

This strike exploits a use-before-initialization vulnerability in VLC Media Player. The vulnerability arises when a memory allocation fails due to a large enough ChunkSize flag, thus leaving the p peek pointer unintialized. By exploiting this, an attacker could cause information leaks on the target system.

CVSS: 4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)

This strike exploits a reflected XSS vulnerability inside the Samsung DVR Web Viewer. Web Viewer is vulnerable to a cross-site scripting attack that will allow remote attackers to inject code.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a null pointer dereference vulnerability in Microsoft Edge browser. The vulnerability resides in the way the browsers engine handles dynamically created namespacesURI elements. By exploiting the vulnerability an attacker is able to cause denial of service conditions on targets browser.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a denial of service vulnerability in Mosca MQTT broker. When evaluating an invalid regex contained in an MQTT subscribe message, Mosca will terminate abnormally, leading to a denial of service condition.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. To trigger this vulnerability, an attacker must send a specially crafted MQTT SUBSCRIBE packet over the network, without a preliminary CONNECT packet. Successful exploitation results in remote code execution or denial of service conditions of the application.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in com.adobe.tvsdk.mediacore.metadata. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.

CVSS: 6.8 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

This strike exploits a vulnerability in Webkit. Specifically, it is possible to create an array having a Proxy object in the prototype chain. This may cause a denial of service condition in the browser or allow for remote code execution to occur.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer Out-Of-Bound write. Specifically, the vulnerability exists in the Javascript JsArrayFunctionHeapSort. It is possible to craft Javascript in such a way that will cause a denial of service condition in the browser.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability in Microsoft Outlook client. The vulnerability is due to insufficient input validation of an unknown header field of Outlook Rules RWZ files. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

A denial of service vulnerability exists in Eclipse Mosquitto broker. The vulnerability is due to a flaw in the module that handles Publish messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed message to the target service. Successful exploitation could crash the vulnerable application.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. The vulnerability is due to insufficient input validation when processing MQTT SUBSCRIBE messages within mg mqtt broker handle subscribe method. To trigger this vulnerability, an attacker must send a specially crafted MQTT packet over the network. Successful exploitation results in remote code...

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a OS command injection vulnerability found in Cisco Small Business RV320 and RV325 routers. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting a special HTTP POST request. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a out of memory vulnerability in Chromes Javascript V8 engine. The vulnerability resides in the way the browsers engine handles dynamically created arrays. By exploiting the vulnerability an attacker is able to cause denial of service conditions on targets browser.

CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

This strike exploits an SQL injection vulnerability in Dolibarr ERP-CRM. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit. this by sending a specifically crafted rowid parameter, potentially resulting in the execution of SQL commands which may lead to information disclosure.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap Use-After-Free vulnerability in libVNC LibVNCServer. The vulnerability is due to improper validation of the file transfer request size by the File Transfer extension. Successful exploitation may result in remote code execution on the target server.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Windows scripting engine. The vulnerability is due to incorrect handling of objects in memory. An attacker could exploit this vulnerability by enticing a user to view a malicious web page. Successful exploitation of the vulnerability could trigger a code execution condition on client side.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

An insecure deserialization vulnerability exists in HPE intelligent Management Center PLAT v7.3 E0504. The flaw arises due to lack of security checks when processing the POST payload for the /imc/topo/WebDMDebugServlet endpoint. Successful attacks result in arbitrary remote code execution with root privileges.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike replicates a remote code execution attack on Ruby on Rails <5.2.2.1, <6.0.0.beta3. The flaw resides in the deterministic way the platform generates its secret token in development mode, making it easy to be guessed. A successful exploitation results in arbitrary code execution through Marshal object injection.

Pages