Mitre.org April 2024 Coupon Codes

CVE-2023-20162 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service () condition or execute arbitrary code with roo...

Posted 11 months ago (18 May 2023)

CVE-2023-0670 Ulearn version allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does ...

Posted 1 year ago (05 April 2023)

CVE-2023-26602 ASUS iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

Posted 1 year ago (26 February 2023)

CVE-2021-32853 Erxes, an experience operating system () with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirec...

Posted 1 year ago (20 February 2023)

CVE-2022-34885 An improper input sanitization vulnerability in the Motorola router could allow a local user with elevated permissions to execute arbitrary code.

Posted 1 year ago (30 January 2023)

CVE-2022-27538 A potential Time-of-Check to Time-of-Use () vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS...

Posted 1 year ago (30 January 2023)

CVE-2022-43971 An arbitrary code exection vulnerability exists in Linksys Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input ...

Posted 1 year ago (09 January 2023)

CVE-2022-43973 An arbitrary code execution vulnerability exisits in Linksys Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the con...

Posted 1 year ago (09 January 2023)

CVE-2022-38476 A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affect...

Posted 1 year ago (22 December 2022)

CVE-2022-35897 An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading ...

Posted 1 year ago (21 November 2022)

CVE-2022-20459 In () of (), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...

Posted 1 year ago (17 November 2022)

CVE-2021-26391 Insufficient verification of multiple header signatures while loading a Trusted Application () may allow an attacker with privileges to gain code execution in that or the OS/kernel.

Posted 1 year ago (09 November 2022)

CVE-2021-26392 Insufficient verification of missing size check in '' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA.

Posted 1 year ago (09 November 2022)

CVE-2020-21016 D-Link DIR-846 devices with firmware allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.

Posted 1 year ago (31 October 2022)

CVE-2022-3586 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer () cb field after the same had been enqueued (and freed) into a child qdisc. Thi...

Posted 2 years ago (21 October 2022)

CVE-2022-38983 The BT Hfp Client module has a Use-After-Free () vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution.

Posted 2 years ago (14 October 2022)

CVE-2022-37035 An issue was discovered in bgpd in outing () 8.3. In bgp_notify_send_with_data and bgp_process_packet in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or...

Posted 2 years ago (02 August 2022)

CVE-2021-22650 An attacker may use TWinSoft and a malicious source project file () to extract files on machine executing Ovarro TWinSoft, which could lead to code execution.

Posted 2 years ago (28 July 2022)

CVE-2022-21504 The code in U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of ...

Posted 2 years ago (14 June 2022)

CVE-2022-29522 Use after free vulnerability exists in the simulator module contained in the graphic editor '' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open...

Posted 2 years ago (14 June 2022)

CVE-2022-1107 A potential vulnerability due to use of Boot Services in the SMI handler in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code.

Posted 2 years ago (22 April 2022)

CVE-2022-25325 Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafte...

Posted 2 years ago (07 March 2022)

CVE-2021-46319 Remote Code Execution () vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypas...

Posted 2 years ago (17 February 2022)

CVE-2022-23603 iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon a...

Posted 2 years ago (01 February 2022)

CVE-2021-43298 The code that performs password matching when using '' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic passwor...

Posted 2 years ago (25 January 2022)

CVE-2022-21933 ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt () to modify memory, resulting in arbitrary code execution for controlling th...

Posted 2 years ago (21 January 2022)

CVE-2021-43269 In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config () file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Go...

Posted 2 years ago (19 January 2022)

CVE-2021-43297 A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use as the default serialization/deserialization protocol, during...

Posted 2 years ago (10 January 2022)

CVE-2021-44116 Cross Site Scripting () vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining...

Posted 2 years ago (15 December 2021)

CVE-2021-26335 Improper input and range checking in the Platform Security Processor () boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting in arbitrary code exec...

Posted 2 years ago (16 November 2021)

CVE-2021-35297 Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler () records and redirect executio...

Posted 3 years ago (01 October 2021)

RT osama_hroot: vishu10x00 Khaled95677506 Alra3ees It is an old CVE : "" It affected some version…

Posted 4 years ago (07 January 2020)