CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in the Microsoft Outlook client. The vulnerability is due to insufficient input validation of an unknown header field of Outlook Rules (RWZ) files. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits an out-of-bounds write vulnerability in Microsoft Internet Explorer. Specifically, the vulnerability exists in the JavaScript JsArrayFunctionHeapSort. It is possible to craft JavaScript in such a way that it will cause a denial of service condition in the browser.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in com.adobe.tvsdk.mediacore.metadata. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash process.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits an out-of-memory vulnerability in Chrome's JavaScript V8 engine. The vulnerability resides in the way the browser's engine handles dynamically created arrays. By exploiting the vulnerability, an attacker is able to cause denial of service conditions on the target's browser.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a denial of service vulnerability in PowerDNS. In a normal DNS message, the minimum number of bytes in the Additional Section is 16. If this section contains fewer than 11 bytes, an error in validation will lead to a buffer overread, which then causes the pdns_recursor service to terminate abnormally, leading to a denial of service condition.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists inside the JavaScript Chakra engine. It is possible to craft JavaScript in such a way that when a push or pop method is used on an object with a numeric property the associated InlineArrayPop or InlineArrayPush instruction is called. It is possible to cause type confusion allowing for a denial...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Zoho ManageEngine OpManager. The vulnerability is due to deserialization of untrusted data by the DataMigrationServlet component. A remote attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results in remote code execution.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits an SQL injection vulnerability in Dolibarr ERP-CRM. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending a specifically crafted 'rowid' parameter, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A heap buffer overflow exists in Rockwell Automation RSLinx Classic. The vulnerability is due to a flaw in the module that processes EtherNet/IP SendRRData messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed packet to the target service. Successful exploitation could lead to arbitrary code execution or crash of the vulnerable application.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a stack buffer overflow in Hewlett Packard Enterprise (HPE) Intelligent Management Center (IMC). An overly long user-supplied curDir parameter sent to the dbman service is written to a fixed-size stack-based buffer, causing a buffer overflow. This can cause a denial of service condition or potentially allow for remote code execution.
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits an information disclosure vulnerability in the Mozilla Firefox browser. Specifically, the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that result in the stack pointer being off by 8 bytes. When this occurs a memory address gets leaked that can be used as part of an exploit. This strike demonstrates the information disclosure by dumping the leaked...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a null pointer dereference vulnerability in the Microsoft Edge browser. The vulnerability resides in the way the browser's engine handles dynamically created namespacesURI elements. By exploiting the vulnerability, an attacker is able to cause denial of service conditions on the target's browser.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
An out-of-bounds read vulnerability exists in Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of the xdpContent property of a submit object. A remote attacker could exploit this vulnerability by enticing a user to open a malicious PDF document. Successful exploitation would allow the attacker to gain sensitive information that may help in further attacks.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an out-of-bounds write in the Netatalk package. The vulnerability is due to a missing bounds check in the handling of the DSI Opensession command. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target application. Successful exploitation could lead to arbitrary code execution with privileges of the root user.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in the PHP imap_open function on Ubuntu or Debian. This vulnerability is due to improper handling of the -oProxyCommand values when a client sends HTTP traffic to a server that has some IMAP functionality. A remote attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a reflected XSS vulnerability inside the Samsung DVR Web Viewer. Web Viewer is vulnerable to a cross-site scripting attack that will allow remote attackers to inject code.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Windows scripting engine. The vulnerability is due to incorrect handling of objects in memory. An attacker could exploit this vulnerability by enticing a user to view a malicious web page. Successful exploitation of the vulnerability could trigger a code execution condition on client side.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike replicates a remote code execution attack on Ruby on Rails (<5.2.2.1, <6.0.0.beta3). The flaw resides in the deterministic way the platform generates its secret token in development mode, making it easy to guess. Successful exploitation results in arbitrary code execution through Marshal object injection.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a denial of service vulnerability in HPE Intelligent Management Center. The vulnerability is due to improper validation of user input on port 2810. By exploiting this vulnerability, a remote, unauthenticated attacker could run arbitrary commands on the target server.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the JavaScript engine SpiderMonkey. Inside SpiderMonkey, IonMonkey fails to detect changes properly when the ObjGroup is modified during a prototype change. This can lead to a denial of service or potentially allow for remote code execution.