Show filters
1,148 topics marked with the following tags:
Displaying 11-20 of 1,148
Sort by:
Attacker Value
Unknown

CVE-2017-11774

Disclosure Date: October 13, 2017 (last updated October 05, 2023)
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Attacker Value
Unknown

CVE-2014-4404

Disclosure Date: September 18, 2014 (last updated October 05, 2023)
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
0
Attacker Value
Unknown

CVE-2019-9978

Disclosure Date: March 24, 2019 (last updated October 06, 2023)
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
Attacker Value
Unknown

CVE-2011-4723

Disclosure Date: December 20, 2011 (last updated October 04, 2023)
The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
0
Attacker Value
Unknown

CVE-2022-39197

Disclosure Date: September 22, 2022 (last updated October 08, 2023)
An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
Attacker Value
Unknown

CVE-2012-2034

Disclosure Date: June 09, 2012 (last updated October 04, 2023)
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037.
0
Attacker Value
Unknown

CVE-2015-1769

Disclosure Date: August 15, 2015 (last updated October 05, 2023)
Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability."
1
Attacker Value
Unknown

CVE-2021-30761

Disclosure Date: September 08, 2021 (last updated May 16, 2024)
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Attacker Value
Unknown

CVE-2019-12989

Disclosure Date: July 16, 2019 (last updated October 06, 2023)
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
Attacker Value
Unknown

CVE-2021-22506

Disclosure Date: March 26, 2021 (last updated November 08, 2023)
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.