Page 376 of 54830 results (0.217 seconds)

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

25 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0 •

CVSS: 8.3EPSS: 1%CPEs: 2EXPL: 3

25 Jun 2024 — VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active... • https://github.com/Florian-Hoth/CVE-2024-37085-RCE-POC • CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

25 Jun 2024 — An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. • https://download.avaya.com/css/public/documents/101090768 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

25 Jun 2024 — This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

25 Jun 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

25 Jun 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

25 Jun 2024 — This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

25 Jun 2024 — A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. ... A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. ... An attac... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

25 Jun 2024 — An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file. • https://bastionsecurity.co.nz/advisories/farcry-core-multiple.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0

25 Jun 2024 — An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. • https://github.com/sudo-subho/nepstech-xpon-router-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •