Page 12 of 46889 results (0.187 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

17 Dec 2024 — A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

17 Dec 2024 — A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

17 Dec 2024 — A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

17 Dec 2024 — A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://autodesk.com/trust/security-advisories/adsk-sa-2024-0027 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 11

17 Dec 2024 — Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). ... Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). • https://github.com/yiliufeng168/CVE-2024-50379-POC • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

17 Dec 2024 — Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields. • https://gist.github.com/Crispy-fried-chicken/0be4a204e7226fa2cea761c09f027690 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

17 Dec 2024 — Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. ... An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile. • https://kb.databricks.com/en_US/data-sources/security-bulletin-databricks-jdbc-driver-vulnerability-advisory-cve-2024-49194 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

16 Dec 2024 — An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. • https://support.lenovo.co/us/en/product_security/LEN-174319 • CWE-295: Improper Certificate Validation •

CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0

16 Dec 2024 — This could allow an unauthenticated remote attacker to execute arbitrary code. • https://cert-portal.siemens.com/productcert/html/ssa-928984.html • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

16 Dec 2024 — Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user’s browser. • https://www.twcert.org.tw/en/cp-139-8299-42168-2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •