Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 321 - 340 of 59925
CVSS: 8.0 (AV:N/AC:L/Au:S/C:C/I:P/A:P)
An OS command injection vulnerability exists in LibreOffice via path traversal in event listeners functionality. The vulnerability is due to missing string sanitization when parsing event listener script sources. By enticing a user to open a crafted "fodt" document, an attacker may achieve remote code execution on the target system.
CVSS: 6.1 (AV:L/AC:L/Au:N/C:P/I:P/A:C)
This strike exploits a integer overflow vulnerability found in SQLite with the FTS3 extension enabled. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting special FTS3 shadow tables. A successful exploit could allow the attacker to execute arbitrary SQL statements.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike executes a vulnerability in a Microsoft Windows Contact file. Specifically a remote attacker can execute arbitrary code on Microsoft Windows by performing code injection in the email field of a Windows Contact file.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution in ThinkPHP framework. The flaw is rooted within the 'invokefunction' method as a consequence of no parameter validation. A remote, unauthenticated attacker may thus be able to execute code on the vulnerable machine with the permissions of the user running the web server.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap use-after-free vulnerability in libVNC LibVNCServer. The vulnerability is due to improper validation of the file transfer request size by the File Transfer extension. Successful exploitation may result in remote code execution on the target server.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
This strike exploits a stored Cross-Site Scripting vulnerability in WordPress MapSVG Plugin. The vulnerability is a consequence of no user input sanitization when storing the 'data[mapsvg_data]'. A successful exploitation leads to arbitrary code execution in visitors' browsers or credentials theft.
CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
This strike exploits a denial of service vulnerability in Mosca MQTT broker. When evaluating an invalid regex contained in an MQTT subscribe message, Mosca will terminate abnormally, leading to a denial of service condition.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap buffer overflow vulnerability in libVNC LibVNCServer. The vulnerability is due to improper validation of the file transfer request size by the File Transfer extension. Successful exploitation may result in remote code execution on the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer Out-Of-Bound write. Specifically, the vulnerability exists in the Javascript JsArrayFunctionHeapSort. It is possible to craft Javascript in such a way that will cause a denial of service condition in the browser.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in com.adobe.tvsdk.mediacore.metadata. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a buffer overflow vulnerability in tiffcp component of libtiff. The vulnerability is due to insufficient input validation of an unknown TIFF header field . A remote attacker could exploit this vulnerability by enticing a user to import a specially crafted TIFF file. Successful exploitation could lead to arbitrary code execution or denial-of-service conditions in the context of...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a denial of service vulnerability in PowerDNS. In a normal DNS message, the minimum number of bytes in the Additional Section is 16. If this section contains less than 11 bytes, an error in validation will lead to a buffer overread, which then causes the pdns_recursor service to terminate abnormally, leading to a denial of service condition
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a buffer overflow vulnerability in OMRON CX-One CX-Position. When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. Successful exploitation could lead to arbitrary code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple WebKit. Specifically, the vulnerability exists in the AbstractValue Set method. Javascript can be crafted in such a way that the attacker can write into the immutable butterfly of a Copy on Write array. This can lead to a use after free condition causing a denial of service or potentially lead to remote code execution.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A denial of service vulnerability exists in Eclipse Mosquitto broker. The vulnerability is due to a flaw in the module that handles 'Publish' messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed message to the target service. Successful exploitation could crash the vulnerable application.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits an vulnerability in the Microsoft Edge browser. Specifically the vulnerability exists inside the Javascript Chakra engine. It is possible to craft Javascript in such a way that when a push or pop method is used on an object with a numeric property the associated InlineArrayPop or InlineArrayPush instruction is called. It is possible to cause type confusion allowing for a denial...
CVSS: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)
This strike exploits a cross-site scripting vulnerability in Webmin. The vulnerability results from the lack of sanitization when displaying the POST parameter 'history' in '/shell/index.cgi'. A successful exploitation leads to arbitrary code execution in visitors' browsers or credentials theft.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution in Zoho ManageEngine OpManager. The vulnerability is due to deserialization of untrusted data by the DataMigrationServlet component. A remote attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results in remote code execution.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in Microsoft Outlook client. The vulnerability is due to insufficient input validation of an unknown header field of Outlook Rules (RWZ) files. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits an SQL injection vulnerability in Dolibarr ERP-CRM. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit. this by sending a specifically crafted 'rowid' parameter, potentially resulting in the execution of SQL commands which may lead to information disclosure.
