Show filters
4,015 Total Results
Displaying 41-50 of 4,015
Sort by:
Attacker Value
Moderate

CVE-2019-17571

Disclosure Date: December 20, 2019 (last updated November 08, 2023)
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
1
Attacker Value
Unknown

CVE-2024-38134

Disclosure Date: August 13, 2024 (last updated August 16, 2024)
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
2
1
Attacker Value
Moderate

CVE-2024-38112

Disclosure Date: July 09, 2024 (last updated January 28, 2025)
Windows MSHTML Platform Spoofing Vulnerability
3
1
Attacker Value
Unknown

CVE-2023-38545

Disclosure Date: October 18, 2023 (last updated February 14, 2025)
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
4
0
Attacker Value
Very High

CVE-2022-21906

Disclosure Date: January 11, 2022 (last updated November 28, 2024)
Windows Defender Application Control Security Feature Bypass Vulnerability
3
1
Attacker Value
Unknown

CVE-2021-38666

Disclosure Date: November 10, 2021 (last updated November 28, 2024)
Remote Desktop Client Remote Code Execution Vulnerability
3
1
Attacker Value
High

CVE-2021-34448

Disclosure Date: July 16, 2021 (last updated February 23, 2025)
Scripting Engine Memory Corruption Vulnerability
3
1
Attacker Value
Very Low

CVE-2021-24094

Disclosure Date: February 25, 2021 (last updated November 28, 2024)
Windows TCP/IP Remote Code Execution Vulnerability
3
1
Attacker Value
Unknown

CVE-2020-11022

Disclosure Date: April 29, 2020 (last updated February 21, 2025)
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
4
0
Attacker Value
Low

ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows

Disclosure Date: April 15, 2020 (last updated October 06, 2023)
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
1
3
View More Topics  < Previous  Next >