CVE-2023-20162 Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service condition or execute arbitrary code with roo...
Posted 11 months ago (18 May 2023)
CVE-2021-32853 Erxes, an experience operating system with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirec...
Posted 1 year ago (20 February 2023)
CVE-2022-27538 A potential Time-of-Check to Time-of-Use vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS...
Posted 1 year ago (30 January 2023)
CVE-2022-38476 A data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affect...
Posted 1 year ago (22 December 2022)
CVE-2022-35897 A stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading ...
Posted 1 year ago (21 November 2022)
CVE-2022-3586 A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer cb field after the same had been enqueued (and freed) into a child qdisc. Thi...
Posted 2 years ago (21 October 2022)
CVE-2022-37035 An issue was discovered in bgpd in outing () 8.3. In bgp_notify_send_with_data and bgp_process_packet in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or...
Posted 2 years ago (02 August 2022)
CVE-2022-21504 The code in U3 was missing an appropriate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of ...
Posted 2 years ago (14 June 2022)
CVE-2022-29522 Use after free vulnerability exists in the simulator module contained in the graphic editor '' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open...
Posted 2 years ago (14 June 2022)
CVE-2022-25325 Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafte...
Posted 2 years ago (07 March 2022)
CVE-2022-23603 iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon a...
Posted 2 years ago (01 February 2022)
CVE-2021-43298 The code that performs password matching when using '' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic passwor...
Posted 2 years ago (25 January 2022)
CVE-2022-21933 ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt to modify memory, resulting in arbitrary code execution for controlling th...
Posted 2 years ago (21 January 2022)
CVE-2021-43269 In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Go...
Posted 2 years ago (19 January 2022)
CVE-2021-43297 A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution. Most Dubbo users use as the default serialization/deserialization protocol, during...
Posted 2 years ago (10 January 2022)
CVE-2021-26335 Improper input and range checking in the Platform Security Processor boot loader image header may allow for an attacker to use attack-controlled values prior to signature validation potentially resulting in arbitrary code exec...
Posted 2 years ago (16 November 2021)
CVE-2021-35297 Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler records and redirect executio...
Posted 3 years ago (01 October 2021)