This strike exploits a vulnerability in the Mozilla Firefox browser. Specifically, the vulnerability exists in the WebAssembly component of Firefox. When handling a table object, the get and set methods are not properly validated. A user can supply a value for the index argument of one of these methods to access random memory in the heap buffer where this table object is stored....
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap overflow vulnerability within the tmx_check_pretran function of modules/tmx/tmx_pretran.c, pertaining to the Kamailio SIP server. This vulnerability is due to insufficient sanitization of the input passed to the From tag. An attacker can exploit this vulnerability by sending a specially crafted SIP REGISTER request containing a header with a From tag. Successful exploitation...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in jscript.dll. It is possible to create an uninitialized type variable when making a call to JsArraySlice. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an error-based SQL injection vulnerability in Joomla! Component EkRishta 2.10. The vulnerability is caused by insufficient validation of user input in HTTP requests, which is used to create SQL queries. Successful exploitation could allow an attacker to see the database information on the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that DeferParse causes an incorrect opcode to be generated. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An input validation vulnerability has been found in IBM Informix Open Admin Tool. The vulnerability is due to improper parsing of user-supplied input to the SOAP interface. Successful exploitation can result in arbitrary code execution in the security context of the SYSTEM user.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that it bypasses the ImplicitCallFlags check by throwing an exception. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an elevation of privilege vulnerability in Windows. The vulnerability exists because the Win32k component fails to properly handle objects in memory. An attacker can take advantage of this vulnerability to execute malicious commands as SYSTEM.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability in Hewlett Packard Operations Orchestration. The vulnerability is due to insecure deserialization of user input data sent through HTTP. A remote, unauthenticated attacker can run arbitrary commands on the targeted system under the context of the user running the web application.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a remote command injection vulnerability in the Pivotal Spring Web Flow framework. The vulnerability exists due to insufficient validation of the binding SpEL expression. The vulnerability can be exploited by sending a specially crafted HTTP request, allowing arbitrary command injection.