
CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution.
• https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html
• CWE-121: Stack-based Buffer Overflow
• CWE-787: Out-of-bounds Write

CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Successful exploitation could lead to arbitrary code execution.
• https://github.com/relative/synchrony/commit/b583126be94c4db7c5a478f1c5204bfb4162cf40
• https://github.com/relative/synchrony/security/advisories/GHSA-jg82-xh3w-rhxx
• https://github.com/relative/synchrony/security/advisories/src/transformers/literalmap.ts
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 7.8 | EPSS: 0% | CPEs: 110 | EXPL: 1

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
• https://github.com/H4rk3nz0/CVE-2023-20598-PDFWKRNL
• https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009
• CWE-269: Improper Privilege Management

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component.
• https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-41630-eSST-Preauth-RCE.pdf
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 2

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://github.com/juweihuitao/MpOperationLogs
• https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/common.php#L10
• https://plugins.trac.wordpress.org/browser/mpoperationlogs/trunk/template/ipslist_td.php
• https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')