Show filters
233 topics marked with the following tags:
Displaying 21-30 of 233
Sort by:
Attacker Value
Very High
CVE-2019-11043
Disclosure Date: October 28, 2019 (last updated November 08, 2023)
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
0
Attacker Value
Unknown
CVE-2010-0188
Disclosure Date: February 22, 2010 (last updated October 04, 2023)
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
0
Attacker Value
Unknown
CVE-2017-0101
Disclosure Date: March 17, 2017 (last updated October 05, 2023)
The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
0
Attacker Value
Unknown
CVE-2021-34523
Disclosure Date: July 14, 2021 (last updated December 29, 2023)
Microsoft Exchange Server Elevation of Privilege Vulnerability
1
Attacker Value
Unknown
CVE-2018-8453
Disclosure Date: October 10, 2018 (last updated October 06, 2023)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
1
Attacker Value
High
CVE-2019-2725
Disclosure Date: April 26, 2019 (last updated October 06, 2023)
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
0
Attacker Value
Unknown
CVE-2019-7192
Disclosure Date: December 05, 2019 (last updated October 06, 2023)
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
0
Attacker Value
Unknown
CVE-2015-2546
Disclosure Date: September 09, 2015 (last updated October 05, 2023)
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2517, and CVE-2015-2518.
1
Attacker Value
Unknown
CVE-2013-0431
Disclosure Date: January 31, 2013 (last updated April 27, 2024)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490.
0
Attacker Value
Unknown
CVE-2018-10562
Disclosure Date: May 04, 2018 (last updated October 06, 2023)
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
0