arbitrary vulnerabilities and exploits

(subscribe to this query)

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it....

Samba Samba Debian Debian Linux 8.02 EDB exploits available1 Metasploit module available73 Github repositories available7 Articles available

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed...

Npmjs Arborist Oracle Graalvm 20.3.3 Oracle Graalvm 21.2.0 Siemens Sinec Infrastructure Network Services

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none...

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file....

Gnu A2ps 4.141 Github repository available

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution....

Apple Macos Apple Iphone Os Apple Ipados Apple Watchos Apple Tvos

Visual Studio Remote Code Execution Vulnerability...

Microsoft Visual Studio 2017 Microsoft Visual Studio 2019

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution...

Microsoft Windows Vista -Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 -Microsoft Windows Xp -Microsoft Windows Server 2003 -Microsoft Windows Server 2003 R2 Microsoft Windows 7 -5 EDB exploits available2 Metasploit modules available73 Github repositories available14 Articles available

Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file....

Audiofile Audiofile 0.3.61 Github repository available

Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file....

Audiofile Audiofile 0.3.62 Github repositories available

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using sqlite's ATTACH verb, someone with administrative access to osquery can cause reads and writes to arbitrary sqlite databases on disk....

Linuxfoundation Osquery

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook